An Efficient Approach for Mitigating Covert Storage Channel Attacks in Virtual Machines by the Anti-Detection Criterion

作     者：Chong Wang Nasro Min-Allah Bei Guan Yu-Qi Lin Jing-Zheng Wu Yong-Ji Wang 

作者机构：Institute of SoftwareChinese Academy of SciencesBeijing 100190China University of Chinese Academy of SciencesBeijing 100049China College of Computer Science and Information TechnologyImam Abdulrahman Bin Faisal UniversityDammam 1982 Saudi Arabia Block Chain Research CenterBlue HelixGrand Cayman KY1-1100Cayman Islands 

出 版 物：《Journal of Computer Science & Technology》 (计算机科学技术学报（英文版）)

年 卷 期：2019年第34卷第6期

页      面：1351-1365页

核心收录：

学科分类：0809[工学-电子科学与技术（可授工学、理学学位）] 08[工学] 

基　　金：The work was supported by the National Natural Science Foundation of China under Grant No.61772507 the National Key Research and Development Program of China under Grant No.2017YFB1002300 

主　　题：covert storage channel information security covert channel threat evaluation security and privacy protection 

摘      要：Covert channels have been an effective means for leaking confidential information across security domains and numerous studies are available on typical covert channels attacks and *** covert channel threat restriction solutions are based on the threat estimation criteria of covert channels such as capacity,accuracy,and short messages which are effective in evaluating the information transmission ability of a covert(storage)***,these criteria cannot comprehensively reflect the key factors in the communication process such as shared resources and synchronization and therefore are unable to evaluate covertness and complexity of increasingly upgraded covert storage *** a solution,the anti-detection criterion was introduced to eliminate these limitations of cover *** effective,most threat restriction techniques inevitably incur high performance overhead and hence become *** this work,we avoid such overheads and present a restriction algorithm based on the anti-detection criterion to restrict threats that are associated with covert storage channels in virtual machines while maintaining the resource efficiency of the *** evaluation shows that our proposed solution is able to counter covert storage channel attacks in an effective *** with Pump,a well-known traditional restriction algorithm used in practical systems,our solution significantly reduces the system overhead.