Time protection: the missing OS abstraction
For example, a covert cache-based channel can be built by the sender modulating its cache footprint through its execution, while the receiver probes that footprint by systematically touching cache lines and measuring memory latency, and by observing its own execution speed. This leaves a small amount of global kernel data uncoloured…
Even when we do flush caches, the latency of flushing can itself be used as a channel! The top graph shows mutual information through an LLC covert channel without protection, and the bottom plot shows the mutual information with the time protection enhancements in place.
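One way to quantify what such graphs plot, as an added example that is not from the original page or the paper: a histogram (plug-in) estimate of the mutual information between the symbol the sender transmits and the latency the receiver measures. The latency samples, the 10-cycle bin width and all names are constructed for illustration.

```python
import math
from collections import Counter

def mutual_information(pairs, bin_width=10):
    """Plug-in estimate of I(X;Y) in bits from (sender_symbol, latency) pairs.

    Latencies are bucketed into bins of bin_width cycles (assumed value) so
    that measurement jitter inside one bin is not counted as signal.
    """
    binned = [(x, y // bin_width) for x, y in pairs]
    n = len(binned)
    joint = Counter(binned)
    px = Counter(x for x, _ in binned)
    py = Counter(y for _, y in binned)
    # Sum over observed cells of p(x,y) * log2(p(x,y) / (p(x) p(y))).
    return sum((c / n) * math.log2(c * n / (px[x] * py[y]))
               for (x, y), c in joint.items())

# Constructed samples: 4 sender symbols, 8 receiver measurements each (cycles).
# Unprotected: probe latency tracks the sender's cache footprint.
UNPROTECTED = [(s, 100 + 50 * s + j) for s in range(4) for j in range(8)]
# Caches flushed, but flush latency still differs with the sender's activity.
FLUSH_ONLY = [(s, 300 + 40 * (s // 2) + j) for s in range(4) for j in range(8)]
# Protected: latency still jitters, but independently of the symbol sent.
PROTECTED = [(s, 116 + j) for s in range(4) for j in range(8)]

def report():
    """Return the estimated leakage in bits per observation for each case."""
    return {name: round(mutual_information(data), 3)
            for name, data in (("unprotected", UNPROTECTED),
                               ("flush_only", FLUSH_ONLY),
                               ("protected", PROTECTED))}

if __name__ == "__main__":
    for name, bits in report().items():
        print(f"{name:12s} {bits:.3f} bits per observation")
```

With few samples the plug-in estimate is biased upward, so a small non-zero value on real measurements should be compared against a shuffled-label baseline before it is read as a leak.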