An Efficient Approach for Mitigating Covert Storage Channel Attacks in Virtual Machines by the Anti-Detection Criterion

Regular Paper, Journal of Computer Science and Technology

Abstract

Covert channels have long been an effective means of leaking confidential information across security domains, and numerous studies exist on typical covert channel attacks and defenses. Existing solutions for restricting covert channel threats are based on threat estimation criteria such as capacity, accuracy, and small message size, which are effective in evaluating the information transmission ability of a covert (storage) channel. However, these criteria cannot comprehensively reflect key factors in the communication process, such as shared resources and synchronization, and are therefore unable to evaluate the covertness and complexity of increasingly sophisticated covert storage channels. The anti-detection criterion was introduced to overcome these limitations in evaluating covert channels. Though effective, most threat restriction techniques inevitably incur high performance overhead and hence become impractical. In this work, we avoid such overheads and present a restriction algorithm based on the anti-detection criterion that restricts the threats associated with covert storage channels in virtual machines while maintaining the resource efficiency of the system. Experimental evaluation shows that our proposed solution counters covert storage channel attacks effectively. Compared with Pump, a well-known traditional restriction algorithm used in practical systems, our solution significantly reduces the system overhead.



Correspondence to Chong Wang.


Cite this article

Wang, C., Min-Allah, N., Guan, B. et al. An Efficient Approach for Mitigating Covert Storage Channel Attacks in Virtual Machines by the Anti-Detection Criterion. J. Comput. Sci. Technol. 34, 1351–1365 (2019). https://doi.org/10.1007/s11390-019-1979-8
