Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - InfoLeak
T2 - Scheduling-based information leakage
AU - Vateva-Gurova, T.
AU - Manzoor, S.
AU - Huang, Y.
AU - Suri, Neeraj
PY - 2019/2/11
Y1 - 2019/2/11
N2 - Covert- and side-channel attacks, typically enabled by the usage of shared resources, pose a serious threat to complex systems such as the Cloud. While their exploitation in the real world depends on properties of the execution environment (e.g., scheduling), the explicit consideration of these factors is often neglected.This paper introduces InfoLeak, an information leakage model that establishes the crucial role of the scheduler for exploiting core-private caches as covert channels. We show, formally and empirically, how the availability of these channels and the corresponding attack feasibility are affected by scheduling. Moreover, our model allows security experts to assess the related threat, posed by core-private cache covert channels for a particular system by considering solely the scheduling information. To validate the utility of InfoLeak, we deploy a covert-channel attack and correlate its success ratio to the scheduling of the attacker processes in the target system. We demonstrate the applicability of the InfoLeak model for analyzing the scheduling information for possible information leakage and also provide an example on its usage.
AB - Covert- and side-channel attacks, typically enabled by the usage of shared resources, pose a serious threat to complex systems such as the Cloud. While their exploitation in the real world depends on properties of the execution environment (e.g., scheduling), the explicit consideration of these factors is often neglected.This paper introduces InfoLeak, an information leakage model that establishes the crucial role of the scheduler for exploiting core-private caches as covert channels. We show, formally and empirically, how the availability of these channels and the corresponding attack feasibility are affected by scheduling. Moreover, our model allows security experts to assess the related threat, posed by core-private cache covert channels for a particular system by considering solely the scheduling information. To validate the utility of InfoLeak, we deploy a covert-channel attack and correlate its success ratio to the scheduling of the attacker processes in the target system. We demonstrate the applicability of the InfoLeak model for analyzing the scheduling information for possible information leakage and also provide an example on its usage.
KW - Covert-channel attacks
KW - Feasibility
KW - Information leakage model
KW - Scheduling
KW - Side channel attacks
KW - Covert channels
KW - Execution environments
KW - Information leakage
KW - Scheduling information
KW - Security experts
KW - Shared resources
KW - Target systems
KW - Side channel attack
U2 - 10.1109/PRDC.2018.00015
DO - 10.1109/PRDC.2018.00015
M3 - Conference contribution/Paper
SP - 44
EP - 53
BT - 2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC)
PB - IEEE
ER -