A Study on Microarchitectural Covert Channel Vulnerabilities in Infrastructure-as-a-Service

Benjamin Semal* (Corresponding Author), Konstantinos Markantonakis, Raja Naeem Akram, Jan Kalbantner

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingPublished conference contribution

1 Citation (Scopus)
3 Downloads (Pure)


Microarchitectural cross-VM covert channels are software-launched attacks which exploit multi-tenant environments' shared hardware. They enable transmitting information from a compromised system when the information flow policy does not allow to do so. These attacks represent a threat to the confidentiality and integrity of data processed and stored on cloud platforms. Although potentially severe, covert channels tend to be overlooked due to an allegedly strong adversary model. The literature focuses on mechanisms for encoding information through timing variations, without addressing practical considerations. Furthermore, the field lacks a realistic evaluation framework. Covert channels are usually compared to each other using the channel capacity. While a valuable performance metric, the capacity is inadequate to assess the severity of an attack. In this paper, we conduct a comprehensive study on the severity of microarchitectural covert channels in public clouds. State-of-the-art attacks are evaluated against the Common Vulnerability Scoring System in its most recent version (CVSS v3.1). The study shows that a medium severity score of 5.0 is achieved. In comparison, the SSLv3 POODLE (CVE-2014-3566) and OpenSSL Heartbleed (CVE-2014-0160) vulnerabilities achieved respective scores of 3.1 and 7.5. As such, the paper successfully demonstrates that covert channels are not theoretical threats, and that they require the immediate attention of the community. Furthermore, we devise a new and independent scoring system, the Covert Channel Scoring System (CCSS). The scoring of related works under the CCSS shows that cache-based covert channels, although more and more popular, are the least practical ones to deploy. We encourage authors of future cross-VM covert channel attacks to include a CCSS metric in their study, in order to account for deployment constraints and provide a fair point of comparison for the adversary model.
Original languageEnglish
Title of host publicationApplied Cryptography and Network Security Workshops
Subtitle of host publicationACNS 2020 Satellite Workshops AIBlock, AIHWS, AIoTS, Cloud S&P, SCI, SecMT, and SiMLA Rome, Italy, October 19–22, 2020, Proceedings
EditorsJianying Zhou, Chuadhry Mujeeb Ahmed, Mauro Conti, Eleonora Losiouk, Man Ho Au, Lejla Batina, Zhou Li, Jingqiang Lin, Bo Luo, Suryadipta Majumdar, Weizhi Meng, Martín Ochoa, Stjepan Picek, Georgios Portokalidis, Cong Wang, Kehuan Zhang
Place of PublicationCham, Switzerland
Number of pages18
ISBN (Electronic)978-3-030-61638-0
ISBN (Print)978-3-030-61637-3
Publication statusPublished - 14 Oct 2020
EventCLOUD S&P 2020: 2nd Workshop on Cloud Security and Privacy (in conjunction with ACNS 2020) - Rome, Rome, Italy
Duration: 19 Oct 202022 Oct 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceCLOUD S&P 2020
Internet address


  • Covert channel
  • Microarchitectural attack
  • Cloud privacy
  • Vulnerability
  • Vulnerability study


Dive into the research topics of 'A Study on Microarchitectural Covert Channel Vulnerabilities in Infrastructure-as-a-Service'. Together they form a unique fingerprint.

Cite this