TU Darmstadt / ULB / TUbiblio

An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels

Gay, Richard and Mantel, Heiko and Sudbrock, Henning (2013):
An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels.
In: 2nd International Workshop on Quantitative Aspects in Security Assurance, [Online-Edition: https://www.iit.cnr.it/qasa2013/],
[Conference or Workshop Item]

Abstract

We empirically evaluate interrupt-related covert channels, in short IRCCs, a type of covert channel that leverages hardware interrupts for communication. The evaluation is based on an exploit of IRCCs that we implemented as a proof-of-concept. We use a combination of experimental evaluation and information-theoretic analysis to compute the bandwidth of the channel on a concrete system. Our analysis shows a channel bandwidth of IRCCs based on interrupts of network interface cards (NICs) of approximately 5 bit/s. Besides the channel bandwidth, our experiments revealed previously unnoticed properties of IRCCs based on interrupts of NICs. While side channels based on hardware interrupts have been discussed before, this is the first experimental evaluation of covert channels based on hardware interrupts.

Item Type: Conference or Workshop Item
Erschienen: 2013
Creators: Gay, Richard and Mantel, Heiko and Sudbrock, Henning
Title: An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels
Language: English
Abstract:

We empirically evaluate interrupt-related covert channels, in short IRCCs, a type of covert channel that leverages hardware interrupts for communication. The evaluation is based on an exploit of IRCCs that we implemented as a proof-of-concept. We use a combination of experimental evaluation and information-theoretic analysis to compute the bandwidth of the channel on a concrete system. Our analysis shows a channel bandwidth of IRCCs based on interrupts of network interface cards (NICs) of approximately 5 bit/s. Besides the channel bandwidth, our experiments revealed previously unnoticed properties of IRCCs based on interrupts of NICs. While side channels based on hardware interrupts have been discussed before, this is the first experimental evaluation of covert channels based on hardware interrupts.

Title of Book: 2nd International Workshop on Quantitative Aspects in Security Assurance
Uncontrolled Keywords: Security;reviewed
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Databases and Distributed Systems
20 Department of Computer Science > Modeling and Analysis of Information Systems (MAIS)
20 Department of Computer Science > System Security Lab
20 Department of Computer Science > Ubiquitous Knowledge Processing
Date Deposited: 31 Dec 2016 09:57
Official URL: https://www.iit.cnr.it/qasa2013/
Identification Number: TUD-CS-2013-0199
Export:

Optionen (nur für Redakteure)

View Item View Item