Abstract
Microarchitectural cross-VM covert channels are software-launched attacks which exploit multi-tenant environments' shared hardware. They enable transmitting information from a compromised system when the information flow policy does not allow to do so. These attacks represent a threat to the confidentiality and integrity of data processed and stored on cloud platforms. Although potentially severe, covert channels tend to be overlooked due to an allegedly strong adversary model. The literature focuses on mechanisms for encoding information through timing variations, without addressing practical considerations. Furthermore, the field lacks a realistic evaluation framework. Covert channels are usually compared to each other using the channel capacity. While a valuable performance metric, the capacity is inadequate to assess the severity of an attack. In this paper, we conduct a comprehensive study on the severity of microarchitectural covert channels in public clouds. State-of-the-art attacks are evaluated against the Common Vulnerability Scoring System in its most recent version (CVSS v3.1). The study shows that a medium severity score of 5.0 is achieved. In comparison, the SSLv3 POODLE (CVE-2014-3566) and OpenSSL Heartbleed (CVE-2014-0160) vulnerabilities achieved respective scores of 3.1 and 7.5. As such, the paper successfully demonstrates that covert channels are not theoretical threats, and that they require the immediate attention of the community. Furthermore, we devise a new and independent scoring system, the Covert Channel Scoring System (CCSS). The scoring of related works under the CCSS shows that cache-based covert channels, although more and more popular, are the least practical ones to deploy. We encourage authors of future cross-VM covert channel attacks to include a CCSS metric in their study, in order to account for deployment constraints and provide a fair point of comparison for the adversary model.
Original language | English |
---|---|
Title of host publication | Applied Cryptography and Network Security Workshops |
Subtitle of host publication | ACNS 2020 Satellite Workshops AIBlock, AIHWS, AIoTS, Cloud S&P, SCI, SecMT, and SiMLA Rome, Italy, October 19–22, 2020, Proceedings |
Editors | Jianying Zhou, Chuadhry Mujeeb Ahmed, Mauro Conti, Eleonora Losiouk, Man Ho Au, Lejla Batina, Zhou Li, Jingqiang Lin, Bo Luo, Suryadipta Majumdar, Weizhi Meng, Martín Ochoa, Stjepan Picek, Georgios Portokalidis, Cong Wang, Kehuan Zhang |
Place of Publication | Cham, Switzerland |
Publisher | Springer |
Pages | 360-377 |
Number of pages | 18 |
Volume | 12418 |
ISBN (Electronic) | 978-3-030-61638-0 |
ISBN (Print) | 978-3-030-61637-3 |
DOIs | |
Publication status | Published - 14 Oct 2020 |
Event | CLOUD S&P 2020: 2nd Workshop on Cloud Security and Privacy (in conjunction with ACNS 2020) - Rome, Rome, Italy Duration: 19 Oct 2020 → 22 Oct 2020 https://link.springer.com/chapter/10.1007/978-3-030-61638-0_20 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 12418 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | CLOUD S&P 2020 |
---|---|
Country/Territory | Italy |
City | Rome |
Period | 19/10/20 → 22/10/20 |
Internet address |
Keywords
- Covert channel
- Microarchitectural attack
- Cloud privacy
- Vulnerability
- Vulnerability study