Download PDFOpen PDF in browserLeaky Controller: Cross-VM Memory Controller Covert Channel on Multi-Core SystemsEasyChair Preprint 294114 pages•Date: March 11, 2020AbstractData confidentiality is put at risk on cloud platforms where multiple tenants share the underlying hardware. As multiple workloads are executed concurrently, conflicts in memory resource occur, resulting in observable timing variations during execution. Malicious tenants can intentionally manipulate the hardware platform to devise a covert channel, enabling them to steal the data of co-residing tenants. This paper presents two new microarchitectural covert channel attacks using the memory controller. The first attack allows a privileged adversary (i.e. process) to leak information in a native environment. The second attack is an extension to cross-VM scenarios for unprivileged adversaries. This work is the first instance of leakage channel based on the memory controller. As opposed to previous denial-of-service attacks, we manage to modulate the load on the channel scheduler with accuracy. Both attacks are implemented on cross-core configurations. Furthermore, the cross-VM covert channel is successfully tested across three different Intel microarchitectures. Finally, a comparison against state-of-the-art covert channel attacks is provided, along with a discussion on potential mitigation techniques. Keyphrases: Channel Attack, Covert Channel Attack, Cross-VM, DRAM, DRAM bank, DRAM row buffer, Ivy Bridge, Memory Controller, Microarchitectural attack, Row Buffer, Timing variation, Virtualized Environment, channel capacity, channel scheduler, controller channel scheduler, covert channel, dram addressing function, leaky controller, memory access, memory controller channel, microarchitectural covert channel attack, physical address, privileged covert channel, raw bit rate, timing channel, uncached memory access, vm covert channel
|