Timing Covert Channel Analysis of the VxWorks MILS Embedded Hypervisor under the Common Criteria Security Certification
This addresses security threats in virtualization for embedded systems, but it is incremental as it applies known methods to a specific hypervisor.
The paper tackled the problem of timing covert channels in embedded hypervisors, specifically analyzing the Wind River VxWorks MILS hypervisor under Common Criteria certification, and found that it is possible to establish such channels, providing a useful assessment approach for system designers.
Virtualization technology is nowadays adopted in security-critical embedded systems to achieve higher performance and more design flexibility. However, it also comes with new security threats, where attackers leverage timing covert channels to exfiltrate sensitive information from a partition using a trojan. This paper presents a novel approach for the experimental assessment of timing covert channels in embedded hypervisors, with a case study on security assessment of a commercial hypervisor product (Wind River VxWorks MILS), in cooperation with a licensed laboratory for the Common Criteria security certification. Our experimental analysis shows that it is indeed possible to establish a timing covert channel, and that the approach is useful for system designers for assessing that their configuration is robust against this kind of information leakage.