Abstract
Memory deduplication improves the memory efficiency of common multi-tenanted cloud. Due to the cross-VM memory sharing, malicious users can mount covert channel attack to steal secret information. While this kind of attack does not break the normal restrictions, it is very hard to detect and defend. In the paper, we present the design, implementation and evaluation of CovertInspector—a VMM-based system to identify and eliminate a covert timing channel constructed on shared memory. Our proof-of-concept prototype is built on KVM and Kernel Samepage Merging (KSM), with minor modification to KVM hypervisor (about 300 LOC). Further evaluation shows that CovertInspector is able to fully identify and eliminate such kind of covert channel with tolerable impact to the performance of guest VMs.
Similar content being viewed by others
References
Zhao, S., Lee, P.P., Lui, J., Guan, X., Ma, X., Tao, J.: Cloud-based push-styled mobile botnets: a case study of exploiting the cloud to device messaging service. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 119–128. ACM (2012)
Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 305–316. ACM (2012)
Lipinski, B., Mazurczyk, W., Szczypiorski, K.: Improving hard disk contention-based covert channel in cloud computing. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy Workshop, pp. 100–107. IEEE (2014)
Chen, Z., Dong, W., Li, H., Zhang, P.: Collaborative network security in multi-tenant data center for cloud computing. Tsinghua Sci. Technol. 19(1), 82–94 (2014)
Zhu, Y., Yu, M., Hu, H., Ahn, G.J., Zhao, H.: Efficient construction of provably secure steganography under ordinary covert channels. Sci. China Inf. Sci. 55(7), 1639–1649 (2012)
Lampson, B.L.: A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973)
Cabuk, S., Brodley, C.E., Shields, C.: IP covert timing channels: design and detection. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 178–187. ACM (2004)
Okamura, K., Oyama, Y.: Load-based covert channels between Xen virtual machines. In: Proceedings of the 2010 ACM Symposium on Applied Computing, pp. 173–180. ACM (2010)
Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of L2 cache covert channels in virtualized environments. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, pp. 29–40. ACM (2011)
Wu, Z., Xu, Z., Wang, H.: Whispers in the hyper-space: high-speed covert channel attacks in the cloud. In: Proceedings of the 21st USENIX Conference on Security Symposium, pp. 159–173. USENIX Association (2012)
Tsai, C.R., Gligor, V.D.: A bandwidth computation model for covert storage channels and its applications. In: Proceedings of the 1988 IEEE Symposium on Security and Privacy, pp. 108–121. IEEE (1988)
Hu, W.M.: Lattice scheduling and covert channels. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy, pp. 52–61. IEEE (1992)
Bernstein, D.J.: Cache-timing attacks on AES. http://cr.yp.to/papers.html#cachetiming (2005). Accessed 10 June 2015
Wang, Z., Lee, R.B.: Covert and side channels due to processor architecture. In: Proceedings of the 22nd Annual Computer Security Applications Conference, pp. 473–482. IEEE (2006)
Wu, J., Ding, L., Wang, Y., Han, W.: Identification and evaluation of sharing memory covert timing channel in Xen virtual machines. In: Proceedings of the 4th International Conference on Cloud Computing, pp. 283–291. IEEE (2011)
Xiao, J., Xu, Z., Huang, H., Wang, H.: Security implications of memory deduplication in a virtualized environment. In: Proceedings of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 1–12. IEEE (2013)
Rezaei, F., Hempel, M., Shrestha, P.L., Sharif, H.: Achieving robustness and capacity gains in covert timing channels. In: Proceedings of the 2014 IEEE International Conference on Communications, pp. 969–974. IEEE (2014)
Wang, Y., Ferraiuolo, A., Suh, G.E.: Timing channel protection for a shared memory controller. In: Proceedings of the 20th International Symposium on High Performance Computer Architecture, pp. 225–236. IEEE (2014)
Waldspurger, C.A.: Memory resource management in VMWare ESX server. ACM SIGOPS Oper. Syst. Rev. 36(SI), 181–194 (2002)
Arcangeli, A., Eidus, I., Wright, C.: Increasing memory density by using KSM. In: Proceedings of the 2009 Ottawa Linux Symposium, pp. 19–28 (2009)
Gupta, D., Lee, S., Vrable, M., Savage, S., Snoeren, A.C., Varghese, G., Voelker, G.M., Vahdat, A.: Difference engine: harnessing memory redundancy in virtual machines. Commun. ACM 53(10), 85–93 (2010)
Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Implementation of a memory disclosure attack on memory deduplication of virtual machines. IEICE Trans. Fundam. Electr. Commun. Comput. Sci. 96(1), 215–224 (2013)
Wu, J., Ding, L., Lin, Y., Min-Allah, N., Wang, Y.: XenPump: a new method to mitigate timing channel in cloud computing. In: Proceedings of the 5th International Conference on Cloud Computing, pp. 678–685. IEEE (2012)
Page fault. OSDev.org. http://wiki.osdev.org/Page_fault (2008). Accessed 10 June 2015
Kang, H.: Low level design for identification of the guest OS process from VMM: KVM. http://blog.csdn.net/kanghua/article/details/1767032 (2007). Accessed 10 June 2015
Smith, B., Grehan, R., Yager, T., Niemi, D. C.: Byte-unixbench: a Unix benchmark suite. http://code.google.com/p/byte-unixbench/ (2009). Accessed 10 June 2015
Staelin, C.: Lmbench: an extensible micro-benchmark suite. Softw. Pract. Exp. 35(11), 1079–1105 (2005)
Acknowledgments
This work is supported by National Basic Research Program of China (973 Program) under Grant No. 2014CB340600, and National Natural Science Foundation of China under Grant No. 61370106.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wang, S., Qiang, W., Jin, H. et al. CovertInspector: Identification of Shared Memory Covert Timing Channel in Multi-tenanted Cloud. Int J Parallel Prog 45, 142–156 (2017). https://doi.org/10.1007/s10766-015-0391-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10766-015-0391-4