Core Concepts
A novel covert channel attack that exploits the duty cycle modulation feature of modern Intel processors to enable secret communication between two colluding processes, bypassing security policies.
Abstract
This paper presents a novel covert channel attack that exploits the duty cycle modulation feature of modern Intel processors. The attack involves two colluding processes: a sender process with higher privileges that holds sensitive information, and a receiver process with lower privileges that is allowed to access the network.
The key highlights are:
- The sender process manipulates the IA32_CLOCK_MODULATION model-specific register (MSR) to control the duty cycle of the CPU clock, effectively modulating the clock rate.
- The receiver process continuously monitors the duty cycle value and decodes the changes as the data bits the sender is transmitting.
- The sender and receiver processes synchronize the communication by transmitting a start and end signal, ensuring the receiver can accurately capture the transmitted data.
- The authors demonstrate the feasibility of this attack, achieving a data transfer rate of up to 55.24 bits per second.
- This covert channel attack bypasses security policies that prevent direct communication between the two processes, allowing the receiver to exfiltrate sensitive data held by the sender.
- The attack exploits a hardware feature of the CPU that is not part of the typical resource partitioning and isolation techniques used to mitigate covert channel attacks, making it a significant security concern.
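The channel summarized above leaves one observable trace: the IA32_CLOCK_MODULATION register flips state far more often than any thermal or power policy would. The following is an added defender-side example, not code from the paper, that scores a time series of MSR readings per core and flags anomalous toggling. It assumes the SDM layout for MSR 0x19A (bit 4 enables on-demand modulation, bits 3:0 hold the duty cycle field when extended modulation is supported) and uses constructed sample readings; on a real host the values would come from a root-only MSR read interface such as /dev/cpu/N/msr.

```python
# Added example (not from the paper): heuristic detector for abnormal toggling of
# IA32_CLOCK_MODULATION, the signature of the duty cycle covert channel sender.
from dataclasses import dataclass

MSR_IA32_CLOCK_MODULATION = 0x19A  # architectural MSR address (Intel SDM)
ODCM_ENABLE_BIT = 1 << 4           # bit 4: on-demand clock modulation enable
DUTY_CYCLE_MASK = 0x0F             # bits 3:0: duty cycle field (extended form)


@dataclass
class Reading:
    t: float      # seconds since the monitor started sampling
    value: int    # raw 64-bit MSR value as read from the core


def decode(value: int) -> tuple[bool, int]:
    """Return (modulation_enabled, duty_cycle_field) for a raw MSR value."""
    return bool(value & ODCM_ENABLE_BIT), value & DUTY_CYCLE_MASK


def transitions_per_second(readings: list[Reading]) -> float:
    """Rate at which the decoded (enable, duty) state changes across the window."""
    if len(readings) < 2:
        return 0.0
    changes = sum(1 for a, b in zip(readings, readings[1:])
                  if decode(a.value) != decode(b.value))
    span = readings[-1].t - readings[0].t
    return changes / span if span > 0 else 0.0


def suspicious(readings: list[Reading], max_rate: float = 1.0) -> bool:
    """Flag a core whose modulation state flips more than max_rate times/second.

    Legitimate thermal or power management changes this register rarely; a
    channel reaching tens of bits per second must toggle it many times per
    second, so a low threshold separates the two. max_rate is an assumed value
    to be tuned per fleet from baseline readings."""
    return transitions_per_second(readings) > max_rate


# Constructed samples: a benign core that changes state once, and a core whose
# register is being toggled every 50 ms as a modulated bit stream would.
BENIGN = ([Reading(i * 0.1, 0x00) for i in range(10)]
          + [Reading(1.0 + i * 0.1, 0x1E) for i in range(10)])
CHANNEL = [Reading(i * 0.05, 0x1E if i % 2 else 0x00) for i in range(40)]
```

Sampling every few milliseconds per core is enough to catch the toggling even without decoding the bits, so the monitor never needs to know the sender's encoding.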
Stats
The authors report that the proposed covert channel can achieve a data transfer rate of up to 55.24 bits per second.
Quotes
"Covert channel attacks represent a significant threat to system security, leveraging shared resources to clandestinely transmit information from highly secure systems, thereby violating the system's security policies."
"An adversary controlling two colluding processes can stealthily bypass system security policy without leaving any forensic trace by establishing a communication between these processes and ex-filtrating valuable information, therefore breaking system integrity."