Abstract
Multiple virtual machines on a single virtual machine monitor are isolated from each other. A malicious user on one virtual machine usually cannot relay secret data to other virtual machines without using explicit communication media such as shared files or a network. However, this isolation is threatened by communication in which CPU load is used as a covert channel. Unfortunately, this threat has not been fully understood or evaluated. In this study, we quantitatively evaluate the threat of CPU-based covert channels between virtual machines on the Xen hypervisor. We have developed CCCV, a system that creates a covert channel and communicates data secretly using CPU loads. CCCV consists of two user processes, a sender and a receiver. The sender runs on one virtual machine, and the receiver runs on another virtual machine on the same hypervisor. We measured the bandwidth and communication accuracy of the covert channel. CCCV communicated 64-bit data with a 100% success rate in an ideal environment, and with a success rate of over 90% in an environment where Web servers are processing requests on other virtual machines.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
