Detecting covert timing channels with time-deterministic replay

Authors: Andreas Haeberlen, Micah Sherr, Ang Chen, Hanjun Xiao, W. Brad Moore

DOI: 10.5555/2685048.2685091

Abstract: This paper presents a mechanism called time-deterministic replay (TDR) that can reproduce the execution of a program, including its precise timing. Without TDR, reproducing the timing of an execution is difficult because there are many sources of timing variability - such as preemptions, hardware interrupts, cache effects, scheduling decisions, etc. TDR uses a combination of techniques to either mitigate or eliminate most of these sources of variability. Using a prototype implementation of TDR in a Java Virtual Machine, we show that it is possible to reproduce the timing to within 1.85% of the original execution, even on commodity hardware. The paper discusses several potential applications of TDR and studies one of them in detail: the detection of a covert timing channel. Timing channels can be used to exfiltrate information from a compromised machine; they work by subtly varying the timing of the machine's outputs, and it is this variation that can be detected with TDR. Unlike prior solutions, which generally look for a specific type of timing channel, our approach can detect a wide variety of channels with high accuracy.
