Microarchitectural Covert Channels in Multitenant Computing Environments

Abstract

The elastic property of cloud services relies on a dynamic mapping between distinct virtual terminals and shared physical nodes, laying bare correlations between the activity of concurrent tenants and the availability of microarchitectural resources. In this context, this thesis studies the threat posed by microarchitectural covert channels to data confidentiality in multi-tenant computing environments. An empirical study is conducted on the practicality of these attacks against public Infrastructure-as-a-Service instances, revealing that covert channels achieve a medium severity score with the Common Vulnerability Scoring System. A new evaluation framework is then developed so as to devise metrics for fair comparison and identify conditions for eluding logical isolation on contemporary computing environments. As a result, two new microarchitectural covert channels based on Intel's integrated memory controllers are presented, which enable circumventing existing defense strategies. The first attack allows a privileged adversary to leak information between two processes within a single native environment. The second attack is an extension to cross-VM scenarios for unprivileged adversaries. An exhaustive study on state-of-the-art countermeasures is then realised, revealing a lack of perspective in their design approach. The analysis leads to a new covert channel based on Intel and AMD memory bus implementations. The resulting attack is tested across two AWS EC2 instances, demonstrating that a malicious individual can easily make his way around all existing countermeasures proposed in academia.

This paper was published in Royal Holloway - Pure.