Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Write+Sync: Software Cache Write Covert Channels Exploiting Memory-disk Synchronization

Congcong Chen, Jinhua Cui, Gang Qu, Jiliang Zhang

TL;DR

Write+Sync introduces a novel software-only covert channel that exploits memory-disk synchronization primitives to modulate the timing of write-back cache operations. It presents two protocols (synchronized file using fdatasync and synchronized page using msync) and three optimization strategies (multi-bit encoding, asynchronous communication, and one-time transmission) to achieve high throughput across Linux and macOS, including cross-sandbox scenarios. The work provides extensive evaluations of throughput, error rates, and timing, and demonstrates practical attacks (website fingerprinting and performance degradation) while outlining detection, patching, and isolation as mitigation paths. The findings highlight a significant security risk from memory-disk synchronization in POSIX-like systems and motivate targeted defenses to curb software-based covert channels that are hardware-agnostic and broadly deployable.

Abstract

Memory-disk synchronization is a critical technology for ensuring data correctness, integrity, and security, especially in systems that handle sensitive information like financial transactions and medical records. We propose SYNC+SYNC, a group of attacks that exploit the memory-disk synchronization primitives. SYNC+SYNC works by subtly varying the timing of synchronization on the write buffer, offering several advantages: 1) implemented purely in software, enabling deployment on any hardware devices; 2) resilient against existing cache partitioning and randomization techniques; 3) unaffected by prefetching techniques and cache replacement strategies. We present the principles of SYNC+SYNC through the implementation of two write covert channel protocols, using either a single file or page, and introduce three enhanced strategies that utilize multiple files and pages. The feasibility of these channels is demonstrated in both cross-process and cross-sandbox scenarios across diverse operating systems (OSes). Experimental results show that, the average rate can reach 2.036 Kb/s (with a peak rate of 14.762 Kb/s) and the error rate is 0% on Linux; when running on macOS, the average rate achieves 10.211 Kb/s (with a peak rate of 253.022 Kb/s) and the error rate is 0.004%. To the best of our knowledge, SYNC+SYNC is the first high-speed write covert channel for software cache.

Write+Sync: Software Cache Write Covert Channels Exploiting Memory-disk Synchronization

TL;DR

Write+Sync introduces a novel software-only covert channel that exploits memory-disk synchronization primitives to modulate the timing of write-back cache operations. It presents two protocols (synchronized file using fdatasync and synchronized page using msync) and three optimization strategies (multi-bit encoding, asynchronous communication, and one-time transmission) to achieve high throughput across Linux and macOS, including cross-sandbox scenarios. The work provides extensive evaluations of throughput, error rates, and timing, and demonstrates practical attacks (website fingerprinting and performance degradation) while outlining detection, patching, and isolation as mitigation paths. The findings highlight a significant security risk from memory-disk synchronization in POSIX-like systems and motivate targeted defenses to curb software-based covert channels that are hardware-agnostic and broadly deployable.

Abstract

Memory-disk synchronization is a critical technology for ensuring data correctness, integrity, and security, especially in systems that handle sensitive information like financial transactions and medical records. We propose SYNC+SYNC, a group of attacks that exploit the memory-disk synchronization primitives. SYNC+SYNC works by subtly varying the timing of synchronization on the write buffer, offering several advantages: 1) implemented purely in software, enabling deployment on any hardware devices; 2) resilient against existing cache partitioning and randomization techniques; 3) unaffected by prefetching techniques and cache replacement strategies. We present the principles of SYNC+SYNC through the implementation of two write covert channel protocols, using either a single file or page, and introduce three enhanced strategies that utilize multiple files and pages. The feasibility of these channels is demonstrated in both cross-process and cross-sandbox scenarios across diverse operating systems (OSes). Experimental results show that, the average rate can reach 2.036 Kb/s (with a peak rate of 14.762 Kb/s) and the error rate is 0% on Linux; when running on macOS, the average rate achieves 10.211 Kb/s (with a peak rate of 253.022 Kb/s) and the error rate is 0.004%. To the best of our knowledge, SYNC+SYNC is the first high-speed write covert channel for software cache.
Paper Structure (29 sections, 7 figures, 5 tables, 2 algorithms)

This paper contains 29 sections, 7 figures, 5 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background
  3. Timing Covert Channel
  4. Write-back Cache
  5. Memory-disk Synchronization Mechanism
  6. Write+Sync Design
  7. Threat Model
  8. Overview
  9. Synchronized File
  10. Synchronized Page
  11. Analysis
  12. Optimization Strategies
  13. Optimization 1: Multi-bit Encoding
  14. Optimization 2: Asynchronous Communication
  15. Optimization 3: One-time Transmission
  16. ...and 14 more sections

Figures (7)

  • Figure 1: Diagram of the write buffer system
  • Figure 2: Overview of our covert channels. The blue shaded area is cached and the blank area is uncached.
  • Figure 3: The timing of sending "0" and sending "1" with fdatasync on Linux
  • Figure 4: The TR and BER of Protocol 1 and Protocol 2 (fd: fdatasync, ms: msync)
  • Figure 5: The SD and SE of Protocol 1 and Protocol 2
  • ...and 2 more figures