Whispers in the Hyper-Space: High-Bandwidth and Reliable Covert Channel Attacks Inside the Cloud

Wu, Zhenyu; Xu, Zuhua; Wang, Haining

doi:10.1109/tnet.2014.2304439

Cited by 153 publications

(203 citation statements)

References 17 publications

(34 reference statements)

Supporting

Mentioning

201

Contrasting

Order By: Relevance

“…[48] showed that constructing a cross-VM side-channel is possible in Amazon's EC2, prompting further research on virtual machine infrastructure. Wu et al [49] use the EC2 as a host for covert communication. Exploiting peculiarities of the underlying x86 platform, they were able to achieve transmission rates of up to 100 bits/s.…”

Section: L4linux Resultsmentioning

confidence: 99%

Undermining Isolation Through Covert Channels in the Fiasco.OC Microkernel

Peter

Petschick

Vetter

et al. 2015

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

Abstract-In the new age of cyberwars, system designers have come to recognize the merits of building critical systems on top of small kernels for their ability to provide strong isolation at system level. This is due to the fact that enforceable isolation is the prerequisite for any reasonable security policy. Towards this goal we examine some internals of Fiasco.OC, a microkernel of the prominent L4 family. Despite its recent success in certain highsecurity projects for governmental use, we prove that Fiasco.OC is not suited to ensure strict isolation between components meant to be separated.Unfortunately, in addition to the construction of system-wide denial of service attacks, our identified weaknesses of Fiasco.OC also allow covert channels across security perimeters with high bandwidth. We verified our results in a strong affirmative way through many practical experiments. Indeed, for all potential use cases of Fiasco.OC we implemented a full-fledged system on its respective archetypical hardware: Desktop server/workstation on AMD64 x86 CPU, Tablet on Intel Atom CPU, Smartphone on ARM Cortex A9 CPU. The measured peak channel capacities ranging from ∼13500 bits/s (Cortex-A9 device) to ∼30500 bits/s (desktop system) lay bare the feeble meaningfulness of Fiasco.OC's isolation guarantee. This proves that Fiasco.OC cannot be used as a separation kernel within high-security areas.

show abstract

Section: L4linux Resultsmentioning

confidence: 99%

Undermining Isolation Through Covert Channels in the Fiasco.OC Microkernel

Peter

Petschick

Vetter

et al. 2015

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

show abstract

“…The application layer includes host-based attacks such as spamming, race condition attacks, buffer overflow attacks, mail forgery, and man-inthe-middle attacks. Host-based attacks are mostly attacks against system availability, operating systems performance, and web service operations [11]. Network-based incidents include attacks on networks aimed at affecting network availability and performance.…”

Section: Types Of Intrusionmentioning

confidence: 99%

From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

et al. 2017

View full text Add to dashboard Cite

Abstract:In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers, academicians, and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This research study provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our indepth understanding of the response option for different types of network attacks. Knowledge of the path from IDS to IRS can assist network administrators and network staffs in understanding how to tackle different attacks with state-of-the-art technologies.

show abstract

“…Cloud Server is used for storing all the data and will also act as offline storage. All the data in the encrypted format will be stored at the cloud [25][26][27][28][29][30].…”

Section: Cloud Servermentioning

confidence: 99%

Medicare

Gharte¹,

Bagga²,

Deore³

et al. 2017

Int J Adv Tech

View full text Add to dashboard Cite

Abstract(Mobile Health) mHealth care monitoring system which applies mobile communications and cloud computing technologies and provides feedback decision support; this has been considered as a revolutionary approach for improving the healthcare quality and also lowers the cost of healthcare. But on other hand it has a serious risk on client's privacy and the intellectual property of the service provider, which would reduce the adoption of this technology. This paper would solve this big issue related to security and also design an application having cloud computing technology which would preserve the privacy of the client's and the associated service providers. This paper would focuses on the technology called "AES" (Advanced Encryption Standard) to implement security. Lastly, the security and the performance which will be implemented show the effectiveness of the proposed system.

show abstract

Whispers in the Hyper-Space: High-Bandwidth and Reliable Covert Channel Attacks Inside the Cloud

Cited by 153 publications

References 17 publications

Undermining Isolation Through Covert Channels in the Fiasco.OC Microkernel

Undermining Isolation Through Covert Channels in the Fiasco.OC Microkernel

From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

Medicare

Contact Info

Product

Resources

About