Interrupt-related covert channels allow two processes running on a single system to communicate with each other, circumventing the security mechanisms of standard operating systems. These channels belong to the class of timing channels and use the CPU as their shared resource. They transmit information by having a sender process execute an operation that induces a hardware interrupt, while a receiver process detects that interrupt. The two ends of the channel therefore do not exploit the fact that they share the CPU with each other, but rather that the receiver shares the CPU with the interrupts the sender initiates. Consequently, time-partitioning the CPU among all processes, the countermeasure the literature on timing channels suggests, does not in general close this channel.
The topic of this talk is a practical implementation of an exploit that transmits information through such a channel. A patch for the Linux O(1) scheduler has been developed which provides a reasonable environment for the exploit. Based on the exploit implementation, a theoretical model is constructed from which upper bounds on the implemented channel's bandwidth are computed. In addition, practical experiments have been conducted on a standard computer running the modified Linux kernel, in order to also obtain lower bounds on the bandwidth. The implemented exploit contains free parameters whose values are shown to have a significant influence on the performance of the channel. To configure the exploit for a given target system, a generic framework is constructed that captures the interdependencies between the system, the exploit and the expected resulting bandwidth. An application of the framework to a concrete computer system demonstrates its benefit for an attacker. Since noise is difficult to model precisely and is often unknown to an attacker, techniques are presented that reduce its impact on the channel.