Journal of Computer Science and Technology ›› 2019, Vol. 34 ›› Issue (6): 1351-1365.doi: 10.1007/s11390-019-1979-8

• Computer Networks and Distributed Computing • Previous Articles     Next Articles

An Efficient Approach for Mitigating Covert Storage Channel Attacks in Virtual Machines by the Anti-Detection Criterion

Chong Wang1,2, Student Member, CCF, Nasro Min-Allah3, Bei Guan1, Yu-Qi Lin4, Jing-Zheng Wu1, Member, CCF, Yong-Ji Wang1,2, Senior Member, CCF   

  1. 1 Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
    2 University of Chinese Academy of Sciences, Beijing 100049, China;
    3 College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, Dammam 1982 Saudi Arabia;
    4 Block Chain Research Center, Blue Helix, Grand Cayman KY1-1100, Cayman Islands
  • Received:2018-11-29 Revised:2019-09-09 Online:2019-11-16 Published:2019-11-16
  • About author:Chong Wang is currently working toward his Ph.D. degree at the Institute of Software, Chinese Academy of Sciences, Beijing. He received his B.S. degree in computer science and technology from Beijing University of Technology, Beijing, in 2014. His main research interests include covert channel analysis, virtualization techniques, and information hiding.
  • Supported by:
    The work was supported by the National Natural Science Foundation of China under Grant No. 61772507 and the National Key Research and Development Program of China under Grant No. 2017YFB1002300.

PDF (PC)

62

Supplement

1

Covert channels have been an effective means for leaking confidential information across security domains and numerous studies are available on typical covert channels attacks and defenses. Existing covert channel threat restriction solutions are based on the threat estimation criteria of covert channels such as capacity, accuracy, and short messages which are effective in evaluating the information transmission ability of a covert (storage) channel. However, these criteria cannot comprehensively reflect the key factors in the communication process such as shared resources and synchronization and therefore are unable to evaluate covertness and complexity of increasingly upgraded covert storage channels. As a solution, the anti-detection criterion was introduced to eliminate these limitations of cover channels. Though effective, most threat restriction techniques inevitably incur high performance overhead and hence become impractical. In this work, we avoid such overheads and present a restriction algorithm based on the anti-detection criterion to restrict threats that are associated with covert storage channels in virtual machines while maintaining the resource efficiency of the systems. Experimental evaluation shows that our proposed solution is able to counter covert storage channel attacks in an effective manner. Compared with Pump, a well-known traditional restriction algorithm used in practical systems, our solution significantly reduces the system overhead.

Key words: covert storage channel; information security; covert channel threat evaluation; security and privacy protection;

[1] Lampson B W. A note on the confinement problem. Commun. ACM, 1973, 16(10):613-615.
[2] Wang Y, Wu J, Zeng H, Ding L, Liao X. Covert channel research. Journal of Software, 2010, 9(21):2262-2288. (in Chinese)
[3] Yan M, Shalabi Y, Torrellas J. ReplayConfusion:Detecting cache-based covert channel attacks using record and replay. In Proc. the 49th Annual IEEE/ACM Int. Symp. Microarchitecture, Oct. 2016, Article No. 39.
[4] Archibald R, Ghosal D. Design and analysis of a modelbased covert timing channel for skype traffic. In Proc. IEEE Conf. Communications and Network Security, Sept. 2015, pp.236-244.
[5] Chard K, Caton S, Rana O, Bubendorfer K. Social cloud:Cloud computing in social networks. In Proc. the 3rd IEEE Int. Conf. Cloud Computing, July 2010, pp.99-106.
[6] Riaz A, Qadir J, Younis U, Rasool U R, Ahmad H F, Kiani A K. Intrusion detection systems in cloud computing:A contemporary review of techniques and solutions. Journal of Information Science and Engineering, 2017, 33(3):611-634.
[7] Wang Z, Hayat M M, Ghani N, Shaban K B. A probabilistic multi-tenant model for virtual machine mapping in cloud systems. In Proc. the 3rd IEEE Int. Conf. Cloud Networking, Oct. 2014, pp.339-343.
[8] Win T Y, Tianfield H, Mair Q, Said T A, Rana O F. Virtual machine introspection. In Proc. the 7th Int. Conf. Security of Information and Networks, September 2014, Article No. 405.
[9] Lin Y, Malik S U R, Bilal K, Yang Q, Wang Y, Khan S U. Designing and modeling of covert channels in operating systems. IEEE Transactions on Computers, 2016, 65(6):1706-1719.
[10] Kadloor S, Kiyavash N, Venkitasubramaniam P. Mitigating timing side channel in shared schedulers. IEEE/ACM Trans. Netw., 2016, 24(3):1562-1573.
[11] Evtyushkin D, Ponomarev D, Abu-Ghazaleh N. Understanding and mitigating covert channels through branch predictors. ACM Trans. Archit. Code Optim., 2016, 13(1):Article No. 10.
[12] Zhang R, Su X, Wang J, Wang C, Liu W, Lau R W H. On mitigating the risk of cross-VM covert channels in a public cloud. IEEE Transactions on Parallel and Distributed Systems, 2015, 26(8):2327-2339.
[13] Ristenpart T, Tromer E, Shacham H, Savage S. Hey, you, get off of my cloud:Exploring information leakage in third-party compute clouds. In Proc. the 16th ACM Conf. Computer and Communications Security, November 2009, pp.199-212.
[14] Wu Z, Xu Z, Wang H. Whispers in the hyper-space:High-bandwidth and reliable covert channel attacks inside the cloud. IEEE/ACM Transactions on Networking, 2015, 23(2):603-615.
[15] Betz J, Westhoff D. C3-sched-A cache covert channel robust cloud computing scheduler. In Proc. the 9th Int. Conf. Internet Technology and Secured Transactions, Dec. 2014, pp.54-60.
[16] Oren Y, Kemerlis V P, Sethumadhavan S, Keromytis A D. The spy in the sandbox:Practical cache attacks in JavaScript and their implications. In Proc. the 22nd ACM SIGSAC Conf. Computer and Communications Security, Oct. 2015, pp.1406-1418.
[17] Zhang X, Xiao Y, Zhang Y. Return-oriented flush-reload side channels on ARM and their implications for Android devices. In Proc. the 2016 ACM SIGSAC Conf. Computer and Communications Security, Oct. 2016, pp.858-870.
[18] Moskowitz I S, Kang M H. Covert channels-here to stay? In Proc. the 9th IEEE Annual Conf. Computer Assurance, Jun 1994, pp.235-243.
[19] Zander S, Armitage G, Branch P. A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys Tutorials, 2007, 9(3):44-57.
[20] Wendzel S, Zander S, Fechner B, Herdin C. Pattern-based survey and categorization of network covert channel techniques. ACM Comput. Surv., 2015, 47(3):Article No. 50.
[21] Johnson D, Lutz P, Yuan B. Behavior-based covert channel in cyberspace. In Proc. the 4th International ISKE Conference on Intelligent Systems and Knowledge Engineering, Nov. 2009, pp.311-318.
[22] Wu J, Wang Y, Ding L, Liao X. Improving performance of network covert timing channel through Huffman coding. Mathematical and Computer Modelling, 2012, 55(1):69-79.
[23] Ksentini A, Abassi O. A comparison of VoIp performance over three routing protocols for IEEE 802.11s-based wireless mesh networks (wlan mesh). In Proc. the 6th ACM Int. Symp. Mobility Management and Wireless Access, Oct. 2008, pp.147-150.
[24] Cabuk S, Brodley C E, Shields C. IP covert timing channels:Design and detection. In Proc. the 11th ACM Conf. Computer and Communications Security, Oct. 2004, pp.178-187.
[25] Maqbool Q, Ayub S, Zulfiqar J, Shafi A. Virtual TCAM for data center switches. In Proc. IEEE Conf. Network Function Virtualization and Software Defined Network, Nov. 2015, pp.61-66.
[26] Tahir R, Khan M T, Gong X, Ahmed A, Ghassami A, Kazmi H, Caesar M, Zaffar F, Kiyavash N. Sneak-peek:High speed covert channels in data center networks. In Proc. the 35th Annual IEEE Int. Conf. Computer Communications, April 2016, Article No. 138.
[27] Wang M, Wu Q, Qin B, Wang Q, Liu J, Guan Z. Lightweight and manageable digital evidence preservation system on bitcoin. Journal of Computer Science and Technology, 2018, 33(3):568-586.
[28] Zou M H, Ma K, Wu K J, Sha E H M. Scan-based attack on stream ciphers:A case study on eSTREAM finalists. Journal of Computer Science and Technology, 2014, 29(4):646-655.
[29] Wu J, Ding L, Lin Y, Min-Allah N, Wang Y. XenPump:A new method to mitigate timing channel in cloud computing. In Proc. the 5th IEEE Int. Conf. Cloud Computing, June 2012, pp.678-685.
[30] Goguen J A, Meseguer J. Unwinding and inference control. In Proc. the 1984 IEEE Symp. Security and Privacy, April 1984, pp.75-87.
[31] Denning D E. A lattice model of secure information flow. Commun. ACM, 1976, 19(5):236-243.
[32] Kemmerer R A. A practical approach to identifying storage and timing channels:Twenty years later. In Proc. the 18th Annual Computer Security Applications Conf., Dec. 2002, pp.109-118.
[33] Wu J, Ding L, Wang Y, Han W. A practical covert channel identification approach in source code based on directed information flow graph. In Proc. the 5th Int. Conf. Secure Software Integration and Reliability Improvement, June 2011, pp.98-107.
[34] Millen J. 20 years of covert channel modeling and analysis. In Proc. the 1999 IEEE Symp. Security and Privacy, May 1999, pp.113-114.
[35] Wu J, Wang Y, Ding L, Zhang Y. Constructing scenario of event-flag covert channel in secure operating system. In Proc. the 2nd Int. Conf. Information and Multimedia Technology, Dec. 2010, pp.371-375.
[36] Lin Y, Ding L, Wu J, Xie Y, Wang Y. Robust and efficient covert channel communications in operating systems:Design, implementation and evaluation. In Proc. the 7th IEEE Int. Conf. Software Security and Reliability, June 2013, pp.45-52.
[37] Zeng H, Wang Y, Zu W, Cai J, Ruan L. New definition of small message criterion and its application in transaction covert channel mitigating. Journal of Software, 2009, 20(4):985-996. (in Chinese)
[38] Cabuk S, Brodley C E, Shields C. IP covert channel detection. ACM Trans. Inf. Syst. Secur., 2009, 12(4):Article No. 22.
[39] Wang C, Zhang C, Wu B, Tan Y, Wang Y. A novel antidetection criterion for covert storage channel threat estimation. Science China Information Sciences, 2018, 61(4):Article No. 048101.
[40] Tsai C R, Gligor V D. A bandwidth computation model for covert storage channels and its applications. In Proc. the 1988 IEEE Symp. Security and Privacy, Apr. 1988, pp.108-121.
[41] Wu J, Ding L, Wu Y, Min-Allah N, Khan S U, Wang Y. C2 Detector:A covert channel detection framework in cloud computing. Sec. and Commun. Netw., 2014, 7(3):544-557.
[42] Ristad E S, Yianilos P N. Learning string-edit distance. IEEE Transactions on Pattern Analysis and Machine Intelligence, 1998, 20(5):522-532.
[43] Kang M H, Moskowitz I S. A pump for rapid, reliable, secure communication. In Proc. the 1st ACM Conf. Computer and Communications Security, Nov. 1993, pp.119-129.
[44] Zhai J T, Wang M Q, Liu G J, Dai Y W. Detecting jitterbug covert timing channel with sparse embedding. Security and Communication Networks, 2016, 9(11):1509-1519.
[45] Gianvecchio S, Wang H. Detecting covert timing channels:An entropy-based approach. In Proc. the 2007 ACM Conf. Computer and Communications Security, Oct. 2007, pp.307-316.
[46] Hunger C, Kazdagli M, Rawat A, Dimakis A, Vishwanath S, Tiwari M. Understanding contention-based channels and using them for defense. In Proc. the 21st IEEE Int. Symp. High Performance Computer Architecture, Feb. 2015, pp.639-650.
[47] Zhang R, Su X, Wang J, Wang C, Liu W, Lau R W H. On mitigating the risk of cross-VM covert channels in a public cloud. IEEE Transactions on Parallel and Distributed Systems, 2015, 26(8):2327-2339.
[48] Caviglione L, Podolski M, Mazurczyk W, Ianigro M. Covert channels in personal cloud storage services:The case of dropbox. IEEE Transactions on Industrial Informatics, 2017, 13(4):1921-1931.
[49] Gai K, Wu Y, Zhu L, Xu L, Zhang Y. Permissioned blockchain and edge computing empowered privacypreserving smart grid networks. IEEE Internet of Things Journal. doi:10.1109/JIOT.2019.2904303.
[50] Evtyushkin D, Ponomarev D, Abu-Ghazaleh N. Understanding and mitigating covert channels through branch predictors. ACM Trans. Archit. Code Optim., 2016, 13(1):Article No. 10.
[51] Kim T, Peinado M, Mainar-Ruiz G. STEALTHMEM:System-level protection against cache-based side channel attacks in the cloud. In Proc. the 21st USENIX Security Symp., Aug. 2012, pp.189-204.
[52] Zhang Y, Juels A, Oprea A, Reiter M K. HomeAlone:Coresidency detection in the cloud via side-channel analysis. In Proc. IEEE Symp. Security and Privacy, May 2011, pp.313-328.
[53] Lin Y. Research on the covert channel analysis of general and cross platform technology[Ph.D. Thesis]. Institute of Software, Chinese Academy of Sciences, 2016. (in Chinese)
[54] Xu C J, Ding K H, Cai J Q, Grafarend E W. Methods of determining weight scaling factors for geodetic-geophysical joint inversion. Journal of Geodynamics, 2009, 47(1):39-46.
[55] Ristad E S, Yianilos P N. Learning string-edit distance. IEEE Transactions on Pattern Analysis and Machine Intelligence, 1998, 20(5):522-532.
[1] Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. New Sealed-Bid Electronic Auction with Fairness, Security and Efficiency [J]. , 2008, 23(2): 253-264 .
[2] Bo Qin, Qian-Hong Wu, Willy Susilo, Yi Mu, Yu-Min Wang, and Zheng-Tao Jiang. Short Group Signatures Without Random Oracles [J]. , 2007, 22(6): 805-821 .
[3] Xin-Yi Huang, Willy Susilo, Yi Mu, and Fu-Tai Zhang. Breaking and Repairing Trapdoor-Free Group Signature Schemes from Asiacrypt 2004 [J]. , 2007, 22(1): 71-74 .
[4] Jie Tian, Liang Li, and Xin Yang. Fingerprint-Based Identity Authentication and Digital Media Protection in Network Environment [J]. , 2006, 21(5): 861-870 .
[5] Deng-Guo Feng and Xiao-Yun Wang. Progress and Prospect of Some Fundamental Research on Information Security in China [J]. , 2006, 21(5): 740-755 .
[6] Hong-Da Li, Xiong Yang, Deng-Guo Feng, and Bao Li. Distributed Oblivious Function Evaluation and Its Applications [J]. , 2004, 19(6): 0-0.
[7] Hong-Da Li, Dong-Yao Ji, Deng-Guo Feng, and Bao Li. Oblivious Polynomial Evaluation [J]. , 2004, 19(4): 0-0.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
[1] Li Renwei;. Soundness and Completeness of Kung s Reasoning Procedure[J]. , 1988, 3(1): 7 -15 .
[2] Feng Yulin;. Hierarchical Protocol Analysis by Temporal Logic[J]. , 1988, 3(1): 56 -69 .
[3] Zhou Chaochen; Liu Xinxin;. Denote CSP with Temporal Formulas[J]. , 1990, 5(1): 17 -23 .
[4] Zhang Yin; Xu Zhuoqun;. Concurrent Manipulation of Expanded AVL Trees[J]. , 1998, 13(4): 325 -336 .
[5] Jian-Min Pang, Paul Callaghan, and Zhao-Hui Luo. LFTOP: An LF-Based Approach to Domain-Specific Reasoning[J]. , 2005, 20(4): 526 -535 .
[6] Weisong Shi , Sharun Santhosh, and Hanping Lufei. Secure Application-Aware Service Differentiation in Public Area Wireless Networks[J]. , 2005, 20(5): 676 -688 .
[7] Jun-Hao Zheng, Lei Deng, Peng Zhang, and Don Xie. An Efficient VLSI Architecture for Motion Compensation of AVS HDTV Decoder[J]. , 2006, 21(3): 370 -377 .
[8] Swapan Bhattacharya and Ananya Kanjilal. Code Based Analysis for Object-Oriented Systems[J]. , 2006, 21(6): 965 -972 .
[9] Yi-Wei Jiang and Yong He. Semi-Online Algorithms for Scheduling with Machine Cost[J]. , 2006, 21(6): 984 -988 .
[10] Ozgur Sinanoglu. Low Cost Scan Test by Test Correlation Utilization[J]. , 2007, 22(5): 681 -694 .

ISSN 1000-9000(Print)

         1860-4749(Online)
CN 11-2296/TP

 Home
Editorial Board
Author Guidelines
Subscription		 Journal of Computer Science and Technology
Institute of Computing Technology, Chinese Academy of Sciences
P.O. Box 2704, Beijing 100190 P.R. China
Tel.:86-10-62610746
E-mail: jcst@ict.ac.cn
 
  Copyright ©2015 JCST, All Rights Reserved