eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.
You are looking at a specific version 20160302:113922 of this paper. See the latest version.

Paper 2016/227

Process Table Covert Channels: Exploitation and Countermeasures

Jean-Michel Cioranesco and Houda Ferradi and Rémi Géraud and David Naccache

Abstract

How to securely run untrusted software? A typical answer is to try to isolate the actual effects this software might have. Such counter-measures can take the form of memory segmentation, sandboxing or virtualisation. Besides controlling potential damage this software might do, such methods try to prevent programs from peering into other running programs' operation and memory. As programs, no matter how many layers of indirection in place, are really being run, they consume resources. Should this resource usage be precisely monitored, malicious programs might be able to communicate in spite of software protections. We demonstrate the existence of such a covert channel bypassing isolations techniques and IPC policies. This covert channel that works over all major consumer OSes (Windows, Linux, MacOS) and relies on exploitation of the process table. We measure the bandwidth of this channel and suggest countermeasures.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Contact author(s)
houda ferradi @ ens fr
History
2016-03-02: revised
2016-03-01: received
See all versions
Short URL
https://ia.cr/2016/227
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.