Abstract
With its wider acceptability, cloud can host a diverse set of data and applications ranging from entertainment to personal to industry. The foundation of cloud computing is based on virtual machines where boundaries among the application data are very thin, and the potential of data leakage exists all the time. For instance, a virtual machine covert timing channel is an aggressive mechanism to leak confidential information through shared components or networks by violating isolation and security policies in practice. The performance of a covert timing channel (covert channel) is crucial to adversaries and attempts have been made to improve the performance of covert timing channels by advancing the encoding mechanism and covert information carriers. Though promising, the redundancy of the covert message is mainly overlooked. This paper applies three encoding schemes namely run-length, Huffman, and arithmetic encoding schemes for data compression of a virtual machine covert timing channel by exploiting redundancy. Accordingly, the paper studies the performance of such channels according to their capacity. Unfortunately, we show that these encoding schemes still contain redundancy in a covert channel scenario, and thereby a new encoding scheme namely optimized Runlength encoding (OptRLE) is presented that greatly enhances the performance of a covert timing channel. Several optimizations schemes adopted by OptRLE are also discussed, and a mathematical model of the behavior of an OptRLE-based covert timing channel is proposed. The theoretical capacity of a channel can be obtained using the proposed model. Our analysis reveals that OptRLE further improves the performance of a covert timing channel, in addition to the effects of the optimizations. Experimental result shows how OptRLE affects the size of covert data and the capacity of covert timing channels, and why the performance of the covert timing channel is improved.
References
Gao F, Zhu L H, Gai K K, Zhang C, Liu S. Achieving a covert channel over an open blockchain network. IEEE Network, 2020, 34(2): 6–13. https://doi.org/10.1109/MNET.001.1900225.
Li Y Z, Zhang X S, Xu X T, Tan Y A. A robust packetdropout covert channel over wireless networks. IEEE Wireless Communications, 2020, 27(3): 60–65. https://doi.org/10.1109/MWC.001.1900431.
Wang Y J, Wu J Z, Zeng H T, Ding L P, Liao X F. Covert channel research. Journal of Software, 2010, 21(9): 2262–2288. https://doi.org/10.3724/SP.J.1001.2010.03880. (in Chinese)
Zhu Y, Yu M Y, Hu H X Ahn G J, Zhao H J. Efficient construction of provably secure steganography under ordinary covert channels. Science China Information Sciences, 2012, 55(7): 1639–1649. https://doi.org/10.1007/s11432-012-4598-3.
Guri M. MAGNETO: Covert channel between air-gapped systems and nearby smartphones via CPU-generated magnetic fields. Future Generation Computer Systems, 2021, 115: 115–125. https://doi.org/10.1016/j.future.2020.08.045.
Betz J, Westhoff D, Müller G. Survey on covert channels in virtual machines and cloud computing. Transactions on Emerging Telecommunications Technologies, 2017, 28(6): e3134. https://doi.org/10.1002/ett.3134.
Luo Y, Luo W, Sun X N, Shen Q N, Ruan A B, Wu Z H. Whispers between the containers: High-capacity covert channel attacks in Docker. In Proc. the 2016 IEEE Trustcom/BigDataSE/ISPA, Aug. 2016, pp.630–637. https://doi.org/10.1109/TrustCom.2016.0119.
Liu F F, Yarom Y, Ge Q, Heiser G, Lee R B. Last-level cache side-channel attacks are practical. In Proc. the 2015 IEEE Symposium on Security and Privacy, May 2015, pp.605–622. https://doi.org/10.1109/SP.2015.43.
Wu Z Y, Xu Z, Wang H N. Whispers in the hyper-space: High-bandwidth and reliable covert channel attacks inside the cloud. IEEE/ACM Transactions on Networking, 2015, 23(2): 603–615. https://doi.org/10.1109/TNET.2014.2304439.
Lu X R, Huang L S, Yang W, Shen Y. Concealed in the Internet: A novel covert channel with normal traffic imitating. In Proc. the 2016 Int. IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), Jul. 2016, pp.285–292. https://doi.org/10.1109/UIC-ATC-ScalCom-CBDCom-IoP-SmartWorld.2016.0060.
Hussein O, Hamza N, Hefny H. A proposed covert channel based on memory reclamation. In Proc. the 17th IEEE International Conference on Intelligent Computing and Information Systems (ICICIS), Dec. 2015, pp.343–347. https://doi.org/10.1109/IntelCIS.2015.7397244.
Ameri A, Johnson D. Covert channel over network time protocol. In Proc. the 2017 International Conference on Cryptography, Security and Privacy, Mar. 2017, pp.62–65. https://doi.org/10.1145/3058060.3058082.
Vines P, Kohno T. Rook: Using video games as a lowbandwidth censorship resistant communication platform. In Proc. the 14th ACM Workshop on Privacy in the Electronic Society, Oct. 2015, pp.75–84. https://doi.org/10.1145/2808138.2808141.
Epishkina A, Kogos K. Protection from binary and multisymbol packet length covert channels. In Proc. the 8th International Conference on Security of Information and Networks, Sept. 2015, pp.196–202. https://doi.org/10.1145/2799979.2799994.
Yao F, Venkataramani G, Doroslovački M. Covert timing channels exploiting non-uniform memory access based architectures. In Proc. the on Great Lakes Symposium on VLSI 2017, May 2017, pp.155–160. https://doi.org/10.1145/3060403.3060417.
Lin Y Q, Malik S U R, Bilal K, Yang Q S, Wang Y J, Khan S U. Designing and modeling of covert channels in operating systems. IEEE Trans. Computers, 2016, 65(6): 1706–1719. https://doi.org/10.1109/TC.2015.2458862.
Tahir R, Khan M T, Gong X, Ahmed A, Ghassami A, Kazmi H, Caesar M, Zaffar F, Kiyavash N. Sneak-peek: High speed covert channels in data center networks. In Proc. the 35th Annual IEEE International Conference on Computer Communications, Apr. 2016. https://doi.org/10.1109/INFOCOM.2016.7524467.
Liguori A, Benedetto F, Giunta G, Kopal N, Wacker A. Analysis and monitoring of hidden TCP traffic based on an open-source covert timing channel. In Proc. the 2015 IEEE Conference on Communications and Network Security (CNS), Sept. 2015, pp.667–674. https://doi.org/10.1109/CNS.2015.7346885.
Wu J Z, Wang Y J, Ding L P, Liao X F. Improving performance of network covert timing channel through Huffman coding. Mathematical and Computer Modelling, 2012, 55(1/2): 69–79. https://doi.org/10.1016/j.mcm.2011.01.051.
Classen J, Schulz M, Hollick M. Practical covert channels for WiFi systems. In Proc. the 2015 IEEE Conference on Communications and Network Security (CNS), Sept. 2015, pp.209–217. https://doi.org/10.1109/CNS.2015.7346830.
Archibald R, Ghosal D. Design and analysis of a model-based covert timing channel for Skype traffic. In Proc. the 2015 IEEE Conference on Communications and Network Security (CNS), Sept. 2015, pp.236–244. https://doi.org/10.1109/CNS.2015.7346833.
Oren Y, Kemerlis V P, Sethumadhavan S, Keromytis A D. The spy in the sandbox: Practical cache attacks in JavaScript and their implications. In Proc. the 22nd ACM SIGSAC Conference on Computer and Communications Security, Oct. 2015, pp.1406–1418. https://doi.org/10.1145/2810103.2813708.
Evtyushkin D, Ponomarev D. Covert channels through random number generator: Mechanisms, capacity estimation and mitigations. In Proc. the 2016 ACM SIGSAC Conference on Computer and Communications Security, Oct. 2016, pp.843–857. https://doi.org/10.1145/2976749.2978374.
Zeng H T, Wang Y J, Zu W, Cai J Y, Ruan L. New definition of small message criterion and its application in transaction covert channel mitigating. Journal of Software, 2009, 20(4): 985–996. (in Chinese) https://doi.org/10.3724/SP.J.1001.2009.03246 .
Anwar S, Inayat Z, Zolkipli M F, Zain J M, Gani A, Anuar N B, Khan M K, Chang V. Cross-VM cache-based side channel attacks and proposed prevention mechanisms: A survey. Journal of Network and Computer Applications, 2017, 93: 259–279. https://doi.org/10.1016/j.jnca.2017.06.001.
Barham P, Dragovic B, Fraser K, Hand S, Harris T, Ho A, Neugebauer R, Pratt I, Warfield A. Xen and the art of virtualization. In Proc. the 19th ACM Symposium on Operating Systems Principles, Oct. 2003, pp.164–177. https://doi.org/10.1145/945445.945462.
Bugnion E, Devine S, Rosenblum M, Sugerman J, Wang E Y. Bringing virtualization to the x86 architecture with the original VMware workstation. ACM Trans. Computer Systems, 2012, 30(4): Article No. 12. https://doi.org/10.1145/2382553.2382554.
Irazoqui G, Eisenbarth T, Sunar B. S$A: A shared cache attack that works across cores and defies VM sandboxing—And its application to AES. In Proc. the 2015 IEEE Symposium on Security and Privacy, May 2015, pp.591–604. https://doi.org/10.1109/SP.2015.42.
Zhang R, Su X, Wang J, Wang C, Liu W, Lau R W H. On mitigating the risk of cross-VM covert channels in a public cloud. IEEE Trans. Parallel and Distributed Systems, 2015, 26(8): 2327–2339. https://doi.org/10.1109/TPDS.2014.2346504.
Ristenpart T, Tromer E, Shacham H, Savage S. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In Proc. the 16th ACM Conference on Computer and Communications Security, Nov. 2009, pp.199–212. https://doi.org/10.1145/1653662.1653687.
Lampson B W. A note on the confinement problem. Communications of the ACM, 1973, 16(10): 613–615. https://doi.org/10.1145/362375.362389.
Girling C G. Covert channels in LAN’s. IEEE Trans. Software Engineering, 1987, SE-13(2): 292–296. https://doi.org/10.1109/TSE.1987.233153.
Millen J. 20 years of covert channel modeling and analysis. In Proc. the 1999 IEEE Symposium on Security and Privacy (Cat. No. 99CB36344), May 1999, pp.113–114. https://doi.org/10.1109/SECPRI.1999.766906.
Moskowitz I S, Kang M H. Covert channels—Here to stay? In Proc. the 9th IEEE Annual Conference on Computer Assurance, Jul. 1994, pp.235–243. https://doi.org/10.1109/CMPASS.1994.318449.
Zander S, Armitage G, Branch P. A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys & Tutorials, 2007, 9(3): 44–57. https://doi.org/10.1109/COMST.2007.4317620.
Wendzel S, Zander S, Fechner B, Herdin C. Patternbased survey and categorization of network covert channel techniques. ACM Computing Surveys, 2015, 47(3): Article No. 50. https://doi.org/10.1145/2684195.
Ge Q, Yarom Y, Cock D, Heiser G. A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. Journal of Cryptographic Engineering, 2018, 8(1): 1–27. https://doi.org/10.1007/s13389-016-0141-6.
Xu Y J, Bailey M, Jahanian F, Joshi K, Hiltunen M, Schlichting R. An exploration of L2 cache covert channels in virtualized environments. In Proc. the 3rd ACM Workshop on Cloud Computing Security Workshop, Oct. 2011, pp.29–40. https://doi.org/10.1145/2046660.2046670.
Zhang X S, Zhu L H, Wang X M, Zhang C Y, Zhu H F, Tan Y A. A packet-reordering covert channel over volte voice and video traffics. Journal of Network and Computer Applications, 2019, 126: 29–38. https://doi.org/10.1016/j.jnca.2018.11.001.
Zhang Q X, Zhu M Y, Liang C, Wang K Q, Yang K, Li Y Z. A timestamp-regulating VoLTE covert channel against statistical analysis. Mobile Networks and Applications, 2021, 26(4): 1493–1502. https://doi.org/10.1007/s11036-019-01485-3.
Caviglione L, Podolski M, Mazurczyk W, Ianigro M. Covert channels in personal cloud storage services: The case of dropbox. IEEE Trans. Industrial Informatics, 2017, 13(4): 1921–1931. https://doi.org/10.1109/TII.2016.2627503.
Wu Z Y, Xu Z, Wang H N. Whispers in the hyper-space: High-speed covert channel attacks in the cloud. In Proc. the 21st USENIX Security Symposium, Aug. 2012, pp.159–173.
Huffman D A. A method for the construction of minimum-redundancy codes. Proceedings of the IRE, 1952, 40(9): 1098–1101. https://doi.org/10.1109/JRPROC.1952.273898.
El-Maleh A H, Al-Abaji R H. Extended frequency-directed run-length code with improved application to systemon-a-chip test data compression. In Proc. the 9th International Conference on Electronics, Circuits and Systems, Sept. 2002, pp.449–452. https://doi.org/10.1109/ICECS.2002.1046192.
Núñez J L, Jones S. Run-length coding extensions for high performance hardware data compression. IEE Proceedings—Computers and Digital Techniques, 2003, 150(6): 387–395. https://doi.org/10.1049/ip-cdt:20030750.
Wang C, Zhang C Y, Wu B, Tan Y A, Wang Y J. A novel anti-detection criterion for covert storage channel threat estimation. Science China Information Sciences, 2018, 61(4): 048101. https://doi.org/10.1007/s11432-017-9211-1.
Fern N, San I, Koç Ç K, Cheng K T T. Hiding hardware Trojan communication channels in partially specified SoC bus functionality. IEEE Trans. Computer-Aided Design of Integrated Circuits and Systems, 2017, 36(9): 1435–1444. https://doi.org/10.1109/TCAD.2016.2638439.
Liang C, Wang X M, Zhang X S, Zhang Y, Sharif K, Tan Y A. A payload-dependent packet rearranging covert channel for mobile VoIP traffic. Information Sciences, 2018, 465: 162–173. https://doi.org/10.1016/j.ins.2018.07.011.
Zhang X S, Liang C, Zhang Q X, Li Y Z, Zheng J, Tan Y A. Building covert timing channels by packet rearrangement over mobile networks. Information Sciences, 2018, 445/446: 66–78. https://doi.org/10.1016/j.ins.2018.03.007.
Biswas A K, Ghosal D, Nagaraja S. A survey of timing channels and countermeasures. ACM Computing Surveys, 2017, 50(1): Article No. 6. https://doi.org/10.1145/3023872.
Tsai C R, Gligor V D. A bandwidth computation model for covert storage channels and its applications. In Proc. the 1988 IEEE Symposium on Security and Privacy, Apr. 1988, pp.108–121. https://doi.org/10.1109/SECPRI.1988.8103.
Shieh S P. Estimating and measuring covert channel bandwidth in multilevel secure operating systems. Journal of Information Science and Engineering, 1999, 15(1): 91–106. https://doi.org/10.6688/JISE.1999.15.1.5.
Hunger C, Kazdagli M, Rawat A, Dimakis A, Vishwanath S, Tiwari M. Understanding contention-based channels and using them for defense. In Proc. the 21st IEEE International Symposium on High Performance Computer Architecture (HPCA), Feb. 2015, pp.639–650. https://doi.org/10.1109/HPCA.2015.7056069.
Evtyushkin D, Ponomarev D, Abu-Ghazaleh N. Understanding and mitigating covert channels through branch predictors. ACM Trans. Architecture and Code Optimization, 2016, 13(1): Article No. 10. https://doi.org/10.1145/2870636.
Gao X, Steenkamer B, Gu Z S, Kayaalp M, Pendarakis D, Wang H N. A study on the security implications of information leakages in container clouds. IEEE Trans. Dependable and Secure Computing, 2021, 18(1): 174–191. https://doi.org/10.1109/TDSC.2018.2879605.
Author information
Authors and Affiliations
Corresponding author
Supplementary Information
ESM 1
(PDF 124 kb)
Rights and permissions
About this article
Cite this article
Wang, C., Chen, RL. & Gu, L. Improving Performance of Virtual Machine Covert Timing Channel Through Optimized Run-Length Encoding. J. Comput. Sci. Technol. 38, 793–806 (2023). https://doi.org/10.1007/s11390-021-1189-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11390-021-1189-z