Detecting Covert Timing Channels with Time-Deterministic Replay

This paper presents a mechanism called timedeterministic replay (TDR) that can reproduce the execution of a program, including its precise timing. Without TDR, reproducing the timing of an execution is difficult because there are many sources of timing variability – such as preemptions, hardware interrupts, cache effects, scheduling decisions, etc. TDR uses a combination of techniques to either mitigate or eliminate most of these sources of variability. Using a prototype implementation of TDR in a Java Virtual Machine, we show that it is possible to reproduce the timing to within 1.85% of the original execution, even on commodity hardware. The paper discusses several potential applications of TDR, and studies one of them in detail: the detection of a covert timing channel. Timing channels can be used to exfiltrate information from a compromised machine; they work by subtly varying the timing of the machine’s outputs, and it is this variation that can be detected with TDR. Unlike prior solutions, which generally look for a specific type of timing channel, our approach can detect a wide variety of channels with high accuracy. Disciplines Computer Engineering | Computer Sciences Comments 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Broomfield, CO, October 2014. Author(s) Ang Chen, W. Brad Moore, Hanjun Xiao, Andreas Haeberlen, Linh T.X. Phan, Micah Sherr, and Wenchao Zhou This conference paper is available at ScholarlyCommons: http://repository.upenn.edu/cis_papers/796 Detecting Covert Timing Channels with Time-Deterministic Replay