Leaky Controller: Cross-VM Memory Controller Covert Channel on Multi-Core Systems

Benjamin Semal, Konstantinos Markantonakis, Raja Naeem Akram, Jan Kalbantner

Research output: Contribution to conferencePaperpeer-review

163 Downloads (Pure)


Data confidentiality is put at risk on cloud platforms where multiple tenants share the underlying hardware. As multiple workloads are executed concurrently, conflicts in memory resource occur, resulting in observable timing variations during execution. Malicious tenants can intentionally manipulate the hardware platform to devise a covert channel, enabling them to steal the data of co-residing tenants. This paper presents two new microarchitectural covert channel attacks using the memory controller. The first attack allows a privileged adversary (i.e. process) to leak information in a native environment. The second attack is an extension to cross-VM scenarios for unprivileged adversaries. This work is the first instance of leakage channel based on the memory controller. As opposed to previous denial-of-service attacks, we manage to modulate the load on the channel scheduler with accuracy. Both attacks are implemented on cross-core configurations. Furthermore, the cross-VM covert channel is successfully tested across three different Intel microarchitectures. Finally, a comparison against state-of-the-art covert channel attacks is provided, along with a discussion on potential mitigation techniques.
Original languageEnglish
Number of pages14
Publication statusE-pub ahead of print - 14 Sept 2020
Event35th International Conference on ICT Systems Security and Privacy Protection - Maribor, Slovenia
Duration: 26 May 202028 May 2020


Conference35th International Conference on ICT Systems Security and Privacy Protection
Abbreviated titleIFIP SEC 2020
Internet address

Cite this