Graduate School and Research Center in Digital Sciences

C5: Cross-cores cache covert channel

Maurice, Clémentine; Neumann, Christoph; Heen, Olivier; Francillon, Aurélien

DIMVA 2015, Detection of Intrusions and Malware, and Vulnerability Assessment, July 9-10, 2015, Milano, Italy

Best Paper Award

Cloud computing relies on hypervisors to isolate virtual machines running on shared hardware. Since perfect isolation is difficult to achieve, sharing hardware induces threats. Covert channels were demonstrated to violate isolation and, typically, allow data exfiltration. Several covert channels have been proposed that rely on the processor's cache. However, these covert channels are either slow or impractical due to the addressing uncertainty. This uncertainty exists in particular in virtualized environments and with recent L3 caches which are using complex addressing. Using shared memory would elude addressing uncertainty, but shared memory is not available in most practical setups. We build C5, a covert channel that tackles addressing uncertainty without requiring any shared memory, making the covert channel fast and practical. We are able to transfer messages on modern hardware across any cores of the same processor. The covert channel targets the last level cache that is shared across all cores. It exploits the inclusive feature of caches, allowing a core to evict lines in the private first level cache of another core. We experimentally evaluate the covert channel in native and virtualized environments. In particular, we successfully establish a covert channel between virtual machines running on different cores. We measure a bitrate of 1291bps for a native setup, and 751bps for a virtualized setup. This is one order of magnitude above previous cache-based covert channels in the same setup. 

Document Bibtex

Title:C5: Cross-cores cache covert channel
Keywords:Covert channel, Cache, Cross-VM, Virtualization, Cloud computing
Department:Digital Security
Eurecom ref:4554
Copyright: © 2015 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+4554, year = {2015}, title = {{C}5: {C}ross-cores cache covert channel}, author = {{M}aurice, {C}l{\'e}mentine and {N}eumann, {C}hristoph and {H}een, {O}livier and {F}rancillon, {A}ur{\'e}lien }, booktitle = {{DIMVA} 2015, {D}etection of {I}ntrusions and {M}alware, and {V}ulnerability {A}ssessment, {J}uly 9-10, 2015, {M}ilano, {I}taly }, address = {{M}ilano, {ITALY}}, month = {07}, url = {} }
See also: