Covert channels through branch predictors
- 14 June 2015
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM)
Abstract
Covert channels through shared processor resources provide secret communication between malicious processes. In this paper, we introduce a new mechanism for covert communication using the processor branch prediction unit. Specifically, we demonstrate how a trojan and a spy can manipulate the branch prediction tables in a way that creates high-capacity, robust and noise-resilient covert channel. We demonstrate this covert channel on a real hardware platform both in Simultaneous Multi-Threading (SMT) and single-threaded settings. We also discuss techniques for improving the channel quality and outline possible defenses to protect against this covert channel.Keywords
Funding Information
- National Science Foundation (CNS-1422401)
This publication has 18 references indexed in Scilit:
- Leveraging Gate-Level Properties to Identify Hardware Timing ChannelsIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2014
- Timing channel protection for a shared memory controllerPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2014
- InkTagPublished by Association for Computing Machinery (ACM) ,2013
- Non-monopolizable cachesACM Transactions on Architecture and Code Optimization, 2012
- Detecting covert timing channelsPublished by Association for Computing Machinery (ACM) ,2007
- Covert and Side Channels Due to Processor ArchitectureTwenty-Third Annual Computer Security Applications Conference (ACSAC 2007), 2006
- Predicting Secret Keys Via Branch PredictionLecture Notes in Computer Science, 2006
- The effects of context switching on branch predictor performancePublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- Using hybrid branch predictors to improve branch prediction accuracy in the presence of context switchesPublished by Association for Computing Machinery (ACM) ,1996
- Using hybrid branch predictors to improve branch prediction accuracy in the presence of context switchesACM SIGARCH Computer Architecture News, 1996