An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels

Abstract

Interrupt-related covert channels IRCCs utilize hardware interrupts for enabling communication between processes. This article provides an empirical evaluation of IRCC vulnerabilities, based on an actual exploit. The evaluation combines experiments with an information-theoretic analysis for computing the channel bandwidth. The evaluation shows that a bandwidth of multiple bits per second is achievable in a desktop system via interrupts of a network interface card. This result clarifies the significance of this IRCC vulnerability for one particular system. The exploit presented is configurable, and the article provides a solution for computing an optimal exploit configuration for a given system. While side channels based on hardware interrupts have been discussed before, this is the first empirical evaluation of covert channels based on hardware interrupts.