Survey of Microarchitectural Side and Covert Channels, Attacks, and Defenses

Abstract

Over the last two decades, side and covert channel research has shown a variety of ways of exfiltrating information for a computer system. Processor microarchitectural timing-based side and covert channel attacks have emerged as some of the most clever attacks, and ones which are difficult to deal with, without impacting system performance. Unlike electromagnetic or power-based channels, microarchitectural timing-based side and covert channel do not require physical proximity to the target device. Instead, only malicious or cooperating spy applications need to be co-located on the same machine as the victim. And in some attacks even co-location is not needed, only timing of the execution of the victim application, as measured by a remote attacker, can lead to information leaks. This survey extracts the key features of the processor’s microarchitectural functional units which make the channels possible, presents an analysis and categorization of the variety of microarchitectural side and covert channels others have presented in literature, and surveys existing defense proposals. With advent of cloud computing and ability to launch microarchitectural side and covert channels even across virtual machines, understanding of these channels is critical for cybersecurity.