WindTalker: An Efficient and Robust Protocol of Cloud Covert Channel Based on Memory Deduplication

As information security and privacy are primary concerns for most enterprises and individuals, a threat called Cross-VM (Virtual Machine) Attack certainly impedes their adoption of public or hybrid cloud computing. Specifically, Cross-VM Attack enables hostile tenants to leverage various forms of covert channels to exfiltrate sensitive information of victims on the same physical host. A new covert channel has been demonstrated by exploiting a special feature of memory deduplication which is widely used in virtualization products, that is, writing to a shared page would incur longer access delay than those non-shared. However, this sort of covert channel attack is merely considered as "potential threat" due to lack of practical protocol. In this paper, we study how to design an efficient and reliable protocol of CCCMD (Cloud Covert Channel based on Memory Deduplication). We first analyze the CCCMD working scheme in a virtualized environment, and uncover its major defects and implementation difficulties. We then build a prototype named WindTalker which overcomes these obstacles. Our experiments show that WindTalker performs much better with lower bit error rate and achieves a reasonable transmission speed adaptive to noisy environment.