SYNC+SYNC: Software Cache Write Covert Channels Exploiting Memory-disk Synchronization

Memory-disk synchronization is a critical technology for ensuring data correctness, integrity, and security, especially in systems that handle sensitive information like financial transactions and medical records. We propose SYNC+SYNC, a group of attacks that exploit the memory-disk synchronization primitives. SYNC+SYNC works by subtly varying the timing of synchronization on the write buffer, offering several advantages: 1) implemented purely in software, enabling deployment on any hardware devices; 2) resilient against existing cache partitioning and randomization techniques; 3) unaffected by prefetching techniques and cache replacement strategies. We present the principles of SYNC+SYNC through the implementation of two write covert channel protocols, using either a single file or page, and introduce three enhanced strategies that utilize multiple files and pages. The feasibility of these channels is demonstrated in both cross-process and cross-sandbox scenarios across diverse operating systems (OSes). Experimental results show that, the average rate can reach 2.036 Kb/s (with a peak rate of 14.762 Kb/s) and the error rate is 0% on Linux; when running on macOS, the average rate achieves 10.211 Kb/s (with a peak rate of 253.022 Kb/s) and the error rate is 0.004%. To the best of our knowledge, SYNC+SYNC is the first high-speed write covert channel for software cache.