Journal of Computer Science and Technology

   

Improving Performance of Virtual Machine Covert Timing Channel Attacks through Optimized Run-length Encoding

Chong Wang1,2, Rong-liang Chen1,3, and Liang Gu2, Member, CCF   

  1. 1Shenzhen Institutes of Advanced Technology, Chinese Academy of Science, Shenzhen 518055, China
    2Sangfor Technologies Inc., Shenzhen 518055, China
    3Shenzhen Key Laboratory for Exascale Engineering and Scientific Computing, Shenzhen 518055, China

With its wider acceptability, cloud can host a diverse set of data and applications ranging from entertainment to personal to industry. The foundation of cloud computing is based on virtual machines where boundaries among the application data are very thin, and the potential of data leakage exists all the time. For instance, a virtual machine covert timing channel is an aggressive mechanism to leak confidential information through shared components or networks by violating isolation and security policies in practice. The performance of a covert channel is crucial to adversaries and attempts have been made to improve the performance of covert timing channels by advancing the encoding mechanism and covert information carriers. Though promising, the redundancy of the covert message is mainly overlooked. This paper applies three encoding schemes namely Run-length, Huffman, and Arithmetic encoding schemes for data compression of a virtual machine covert timing channel by exploiting redundancy. Accordingly, the paper studies the performance of such channels according to the channel capacity. Unfortunately, we show that these encoding schemes still contain redundancy in a covert channel scenario, and thereby a new encoding scheme namely optimized Run-length encoding (OptRLE) is presented that greatly enhances the performance of a covert timing channel. Several optimizations schemes adopted by OptRLE are also discussed, and a mathematical model of the behavior of an OptRLE-based covert timing channel is proposed. The theoretical capacity of a channel can be obtained using the proposed model. Our analysis reveals that OptRLE further improves the performance of a covert timing channel, in addition to the effects of the optimizations. Experimental result examines how OptRLE affects the size of covert data and the capacity of covert channels, and why the performance of the covert timing channel is improved.


中文摘要

1、研究背景
随着云计算的不断发展,现实生活中的各个方面以及各种行业中,以及各种数据和应用程序中都能看到云的影子。其中,数据安全是一个主要问题,因为任何数据泄露事故都可能危及整个系统的运行。云计算的基础是虚拟化,而在此场景中,应用数据之间的边界很薄,数据泄露的可能性一直存在。例如,虚拟机隐蔽时间信道是一种传输及泄露信息机制,通过共享组件或网络泄漏机密信息,破坏了隔离性和安全性。隐蔽信道的性能对攻击者来说至关重要,并且现有研究已经尝试通过改进编码机制和隐蔽信息载体来提高隐蔽定时信道的性能。尽管取得了一定的成效,但大多数研究缺乏对隐蔽信息自身冗余的关注。
2、目的
隐蔽信道的性能对攻击者来说至关重要,并且现有研究已经尝试通过改进编码机制和隐蔽信息载体来提高隐蔽定时信道的性能。尽管取得了一定的成效,但大多数研究缺乏对隐蔽信息自身冗余的关注。本文首先利用三种现有编码方案,即游程编码、霍夫曼编码和算术编码三种方案,对虚拟机时间隐蔽信道进行数据压缩。并且根据信道容量来研究此类信道的性能。然而不幸的是,实验表明这些编码方案在隐蔽信道场景中仍然包含冗余。
3、方法
提出了一种新的编码方案,即 OptRLE,大大提高了隐蔽定时信道的性能。还讨论了 OptRLE 采用的几种优化方案,并提出了基于 OptRLE 的隐蔽定时通道行为的数学模型。可以使用所提出的模型获得信道的理论容量。
4、结果
我们的分析表明,除了优化的影响之外,OptRLE 进一步提高了隐蔽时序通道的性能。实验结果考察了 OptRLE 如何影响隐蔽数据的大小和隐蔽通道的容量,以及隐蔽定时通道的性能提高的原因。
5、结论
隐蔽通道的性能对于想要保持信息传输完全匿名的防御者和想要泄露机密信息的攻击者来说都是至关重要的。我们将Run-length、Huffman和Arithmetic编码机制引入隐蔽时序通道领域,提升了虚拟机隐蔽时序通道的性能。对上述三种编码机制进行了比较,并讨论了将这些编码机制直接应用于隐蔽定时信道时的几个问题。为了解决这些问题,本文提出了对游程长度编码机制的几种优化,并提出了 OptRLE 以进一步提高隐蔽通道的性能。详细研究了诸如消除 00 和 01 等优化的有效性。 OptRLE利用了隐蔽数据的冗余,提高了信道容量和隐蔽性。与其他编码机制相比,实验结果表明,在现实场景中使用 OptRLE 的最佳容量可以达到 22.61 bps。与传输明文的信道相比,OptRLE 的容量提高了 34%。同时证明传输时间随着码本大小的增加而增加。隐蔽信道使用的传输时间越短,信道的隐蔽性就越高。受制于网络环境和权限级别,可以通过调整IPD的值来进一步提升通道性能。



Key words: covert storage channels, information security, covert channel threat evaluation, anti-detection criterion, covert channel restrictions

;

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] Zhou Di;. A Recovery Technique for Distributed Communicating Process Systems[J]. , 1986, 1(2): 34 -43 .
[2] Feng Yulin;. Recursive Implementation of VLSI Circuits[J]. , 1986, 1(2): 72 -82 .
[3] Jin Lan; Yang Yuanyuan;. A Modified Version of Chordal Ring[J]. , 1986, 1(3): 15 -32 .
[4] Wang Jianchao; Wei Daozheng;. An Effective Test Generation Algorithm for Combinational Circuits[J]. , 1986, 1(4): 1 -16 .
[5] Min Yinghua; Han Zhide;. A Built-in Test Pattern Generator[J]. , 1986, 1(4): 62 -74 .
[6] Wu Yunzeng;. On the Development of Applications of Logic in Programming[J]. , 1987, 2(1): 30 -34 .
[7] Zhong Renbao; Xing Lin; Ren Zhaoyang;. An Interactive System SDI on Microcomputer[J]. , 1987, 2(1): 64 -71 .
[8] Xia Peisu; Fang Xinwo; Wang Yuxiang; Yan Kaiming; Zhang Tingjun; Liu Yulan; Zhao Chunying; Sun Jizhong;. Design of Array Processor Systems[J]. , 1987, 2(3): 163 -173 .
[9] S. T. Chanson; L. Liang; A. Kumar. Throughput Models of CSMA Network with Stations Uniformly Distributed along the Bus[J]. , 1987, 2(4): 243 -264 .
[10] Qi Yulu;. A Systolic Approach for an Improvement of a Finite Field Multiplier[J]. , 1987, 2(4): 303 -309 .

ISSN 1000-9000(Print)

         1860-4749(Online)
CN 11-2296/TP

Home
Editorial Board
Author Guidelines
Subscription
Journal of Computer Science and Technology
Institute of Computing Technology, Chinese Academy of Sciences
P.O. Box 2704, Beijing 100190 P.R. China
Tel.:86-10-62610746
E-mail: jcst@ict.ac.cn
 
  Copyright ©2015 JCST, All Rights Reserved