Bankrupt Covert Channel: Turning Network Predictability into
  Vulnerability by Ustiugov, Dmitrii et al.
Bankrupt Covert Channel:
Turning Network Predictability into Vulnerability
Dmitrii Ustiugov∗ Plamen Petrov* M.R. Siavash Katebzadeh Boris Grot
University of Edinburgh
Abstract
Recent years have seen a surge in the number of data
leaks despite aggressive information-containment measures
deployed by cloud providers. When attackers acquire the
sensitive data in a secure cloud environment, covert commu-
nication channels are a key tool to exfiltrate the data to the
outside world. While the bulk of prior work focused on covert
channels within a single CPU, they require the spy (trans-
mitter) and the receiver to share the CPU, which might be
difficult to achieve in a cloud environment with hundreds or
thousands of machines.
This work presents Bankrupt, a high-rate highly clandes-
tine channel that enables covert communication between the
spy and the receiver running on different nodes in an RDMA
network. In Bankrupt, the spy communicates with the receiver
by issuing RDMA network packets to a private memory re-
gion allocated to it on a different machine (an intermediary).
The receiver similarly allocates a separate memory region on
the same intermediary, also accessed via RDMA. By steering
RDMA packets to a specific set of remote memory addresses,
the spy causes deep queuing at one memory bank, which is the
finest addressable internal unit of main memory. This exposes
a timing channel that the receiver can listen on by issuing
probe packets to addresses mapped to the same bank but in its
own private memory region. Bankrupt delivers up to 99Kb/s
transmission bandwidth with 96% accuracy in CloudLab’s
public cloud while remaining undetectable to the existing
monitoring capabilities, such as CPU performance counters.
1 Introduction
In the digital era, information security has become the crucial
necessity that drives private and public cloud vendors to take
all available measures to contain sensitive and confidential
data within customer and government-defined boundaries. De-
spite the efforts, security breaches are commonplace, often
∗The first two authors contributed equally to this work.
compromising highly sensitive data including personal infor-
mation [14, 22, 48, 50], passwords [10, 15, 55], and medical
records [18, 19].
Often staying in the shadow of side channels that acquire
the sensitive data, covert communication channels are a criti-
cal tool used by attackers to exfiltrate the data from a secure
environment. Due to strict information containment measures,
like firewalls, a spy software may not have a direct access to
the Internet and, instead, has to communicate – via a covert
channel – the acquired data to a co-operative receiver software
that is outside of the secure environment and with Internet
access. Recent study by Reardon et al. spotlights a wide usage
of covert channels by attackers in the real world [43].
From an attacker’s perspective, constructing an efficient
covert channel poses several practical challenges. In a public
or private cloud with thousands of nodes, it may be difficult to
ensure that spy and receiver applications get scheduled to the
same node. A more reliable strategy is to construct a covert
channel that works across the datacenter, thus allowing the
spy and the receiver to reside on different nodes. Second, the
channel needs to be fast enough to transmit any amount of
sensitive data, which could reach into gigabytes (e.g., medical
records [18, 19]). Finally, the channel must remain stealthy
even if the cloud vendor is actively monitoring for its exis-
tence.
In this work, we introduce a timing-based communication
channel, called Bankrupt, that meets all of these requirements.
Bankrupt enables a high-rate covert communication across
a datacenter’s RDMA-enabled network, thus decoupling the
physical placement of the spy and the receiver from their
ability to communicate covertly while avoiding detection by
existing monitoring facilities, including CPU performance
counters.
As explained below, Bankrupt relies on an RDMA-enabled
network, a technology that is being widely adopted by public
and private cloud operators [2, 17, 21, 35]. The wide deploy-
ment of RDMA technology is due to its fundamental latency
advantages over traditional datacenter networks. This advan-
tage comes from the fact that RDMA offers direct access to a
1
ar
X
iv
:2
00
6.
03
85
4v
1 
 [c
s.C
R]
  6
 Ju
n 2
02
0
remote server’s memory via an RDMA-enabled NIC with full
bypass of the remote CPU. The Bankrupt attack turns the low
latency and predictability of RDMA into a vulnerability, as
predictable latencies enable a highly robust timing channel.
Bankrupt uses a remote node’s main memory as a timing
channel accessed via RDMA. Figure 1 shows how the attack
works. In the figure, the spy (also referred to as a sender)
wishes to communicate a secret to the receiver residing on a
different node. Although unable to communicate directly, e.g.,
in case of logical separation of the network, both the sender
and the receiver have access to another node’s (an interme-
diary) memory (e.g., a storage server [34, 44]), where both
the sender and the receiver have legitimately allocated private
RDMA-exposed memory regions. The sender and the receiver
do not share physical memory, thus being isolated from the
cloud operator’s perspective. The sender sends a stream of
RDMA read requests to its private memory region at the inter-
mediary, but concentrates all of the reads on a single memory
bank1 inside the intermediary’s memory. By exploiting the
much higher bandwidth of RDMA (up to 200Gb/s with to-
day’s commodity NICs) in comparison to that of a single
memory bank (~10Gb/s), the spy can trivially induce queuing
at the target bank, causing the latency of accesses to that bank
to spike. By issuing RDMA reads to the same bank, the re-
ceiver can detect the latency spike. The presence or absence
of high latency, as in a modulated analog signal, informs the
receiver of the current bit’s value.
In order for Bankrupt to succeed, both the spy and the
receiver must be able to consistently target a single memory
bank on a server with hundreds of banks. A memory controller
inside the intermediary CPU uses a subset of physical address
bits (the bank bits) to route the memory requests, originated
both from the CPU and the RDMA NIC, to the target bank.
As RDMA legitimately exposes the virtual addresses of the
intermediary, we show that a – remote – attacker is able to
use this information to reverse-engineer the position of the
bank bits in the address space of the intermediary with an
algorithm that is of the linear complexity in the number of
address bits.
Another challenge for Bankrupt is to guarantee that the
latency spike on the target node is sufficiently high that the
receiver on another node can reliably observe it by issuing
probes over RDMA to the same bank. The presence or ab-
sence of high latency, as in a modulated analog signal, informs
the receiver of the current bit’s value. The quality of the signal
may be compromised by network noise or the presence of
memory-intensive applications on the intermediary. However,
our experiments show that the massive bandwidth offered by
today’s RDMA networks and memory subsystems create a
favorable environment for a highly robust channel.
We evaluate the Bankrupt channel in a private cluster and
on CloudLab, a large-scale public cloud used by computer
1A memory bank is a memory-internal device that hosts the data. A
modern memory subsystem comprises up to hundreds of banks (§2.3).
researchers. In the private cluster, the Bankrupt channel deliv-
ers up to 137Kb/s transmission bandwidth with the accuracy
of 95% in isolation. Under network load, Bankrupt’s trans-
mission accuracy slightly degrades to 93% while providing
70Kb/s transmission speed, as the sender needs to issue larger
bursts of RDMA reads to overcome the noise level. We find
that the channel’s bandwidth and accuracy are unaffected in
the presence of local memory traffic from innocuous memory-
intensive applications that concurrently run on the intermedi-
ary because a CPU efficiently balances regular memory traffic.
On CloudLab, we show that Bankrupt delivers up to 99Kb/s
with 96% accuracy.
Memory
Banks
CPU
PCIe
Intermediary 
Cores
...
...
NIC
Memory
Controller
DDR
...
DIMM
RDMA Network
Probe
Burst
Receiver
NIC
Sender
NIC
Figure 1: Bankrupt attack environment and operation.
To summarize, our contributions are as follows:
• We construct a timing channel, called Bankrupt, that en-
ables covert communication between participants, which
share the same RDMA network but run on different nodes,
via queuing inside remote memory hosted on a third – in-
nocuous – node.
• We provide guidelines for setting up Bankrupt with an
arbitrary RDMA network and CPU; namely for discovering
the addresses that belong to the target memory bank in
remote memory as well as establishing and dynamically
adjusting the channel’s modulated signal by issuing shaped
bursts of RDMA traffic even in a noisy environment.
• We show that the attack is undetectable by software-based
memory access latency monitoring and CPU performance
counters.
2
2 Background
The Bankrupt channel leverages features of a modern RDMA-
enabled network and the CPU memory subsystem. This sec-
tion introduces the relevant aspects of these technologies in
order to explain how they work together in Bankrupt.
2.1 Covert Channels
Covert channels, introduced first by Lampson [27], enable
communication between independent entities over isolation
boundaries, bypassing firewalls and communication audit-
ing. The basic setup of a covert channel consists of the two
participants: a spy (or sender) program that would like to
communicate (exfiltrate) the previously obtained secret to the
outside world, and a receiver that is aware of the sender’s
existence. Finally, the sender and the receiver should share
a common resource that they can use to communicate and
decode the signal.
To communicate, the sender and the receiver usually ex-
ploit resource sharing in a computer system by establishing
a communication channel via legitimate innocuous actions.
For example, a timing channel can be established by mod-
ulating access latencies to a shared CPU cache [28, 30, 54],
main memory [40, 52, 53] or by modulating temperature on a
multi-core CPU chip [29].
Despite the variety of the previously proposed covert chan-
nels, only a few of them may pose a threat in a realistic deploy-
ment scenario, as indicated by prior work [51]. We identify
three key requirements that a practical covert channel has to
meet for maximum impact and generality, namely wide visi-
bility, high communication bandwidth, and stealthiness. We
next discuss each of these requirements.
Wide visibility: Seeking to exfiltrate secrets, an attacker
should search for a covert channel with the least strict require-
ment for the sender and the receiver colocation. Colocation
of the both sides on the same node is a hard challenge since
cloud vendors purposefully randomize placement of the appli-
cations on their, bare-metal or virtualized, nodes. At the same
time, many providers do provide their customers with means
to localize applications within the same physical network to
offer low latency networking [5, 6]. Hence, a cross-network
covert channel may significantly simplify the attack setup for
an attacker.
High bandwidth: Certain types of sensitive data may have
a significant volume, potentially reaching into gigabytes (e.g.,
healthcare records [19]). Hence, to be broadly applicable, a
covert channel should deliver high transmission bandwidth
channel to exfiltrate data of an arbitrary size. Moreover,
a channel’s bandwidth should remain high even in the
presence of various types of system noise, e.g., network
traffic or CPU activity of numerous innocuous applica-
tions and system services that share the same network or CPU.
Stealthiness: An ideal covert channel should remain
stealthy even if platform owners suspect its existence and
actively monitor for it. Indeed, modern servers feature a
wide range of monitoring capabilities, for example, CPU
performance counters and network latency anomaly detec-
tors [8, 11, 12, 25, 41, 42, 56]. A truly covert channel should
remain undetectable by these techniques.
Previously proposed covert channels struggle to comply
with all three requirements. CPU-cache based covert channels
restrict the spy and receiver colocation scenario to the same
physical core or CPU chip [28, 30, 51, 54]. Cache-based chan-
nels also tend to increase the miss rate of the caches exposing
themselves to system monitoring software [16, 51]. The at-
tacks across a network often struggle to deliver bandwidth
higher than 1Kb/s bandwidth [38, 46] or may be difficult to
use in a noisy environment due to a relatively small latency
gap in their timing channel [26].
2.2 RDMA networks
Originating from high-performance computing, Remote Di-
rect Memory Access (RDMA) networks see rapid adoption
by cloud providers that strive to deliver low latency and high
throughput to their customers at the scale of an entire datacen-
ter [2, 17, 21, 35]. For example, Azure allows their customers
to rent a virtual RDMA-connected cluster of 80 000 virtual
cores [36].
RDMA allows the applications to access the remote mem-
ory via user-level one-sided RDMA read and write primitives
that bypass the destination CPU completely, allowing network
packets to directly read or write to its memory. First, to ex-
pose remote memory for RDMA operations, an application
running on one node needs to register a memory region on the
node that hosts the memory. After that, the application can
issue RDMA read (write) network packets to read (write) the
remote memory contents directly – by specifying the remote
node’s virtual address and the accessed memory chunk length.
When an RDMA packet arrives at the destination node’s
NIC, the NIC translates the virtual address, specified in the
packet’s header, to the corresponding physical memory ad-
dress and engages a DMA (read or write) transaction. The root
complex unrolls the transaction into a sequence of CPU cache-
block sized memory requests that eventually reach a memory
controller of the CPU. Finally, the memory controller serves
these requests from the destination’s main memory and sends
the responses back to the NIC. Upon receiving the responses
from the memory controller, the NIC forms a response packet
and sends it out to the requesting node.
Because RDMA bypasses the destination CPU, the net-
work round-trip time remains predictable even in the presence
of other network-intensive applications that use the network
infrastructure simultaneously. To showcase RDMA network
predictability, we plot the 64B RDMA read latency, in iso-
lation and under network load of ~40Gb/s that is ~70% of
3
Figure 2: Round-trip latency, as a complementary cumulative
distribution function (CCDF), of an RDMA read operation
in isolation and when network links and switch run at 70%
utilization. See §5 for the setup details.
the link bandwidth, from a client node to a server node (Fig-
ure 2). Despite the loaded network links and switch ports,
the 99th percentile of the network round-trip delay is larger
than in the unloaded case by just 1.2 microseconds. This high
predictability of the RDMA network indicates the high po-
tential for constructing a robust timing channel in an RDMA
network.
2.3 Memory Organization
The memory subsystem of a modern server CPU has a hierar-
chical structure: there are 2-6 memory channels, each with its
own memory controller, and each channel has 2-4 DIMMs.
Each DIMM consists of up to 64 independent memory de-
vices called memory banks2. In total, today’s server may have
hundreds of memory banks across its multitude of DIMMs,
channels and sockets [3].
The high overall bandwidth of a modern memory system
is delivered by this ensemble of small independent banks,
where each bank provides only a small fraction of the total
memory bandwidth. Internally, a memory bank stores data
as an array of DRAM rows, bringing one row at a time to
an SRAM row buffer before serving a memory request. A
single bank’s bandwidth is bounded by the time the bank
takes to bring and serve the corresponding DRAM row from
the array. Assuming no access locality, this time is the sum of
the three key DRAM latency components, namely tCL, tRCD,
and tRP. Each of the three latency components is 13-15ns
which means that the total latency of serving a single 64-byte
memory request is 39-45ns, resulting in the peak theoretical
1.4-1.6GB/s bandwidth of a single bank. Due to the end of
2To be precise, a DIMM normally consists of 1-4 ranks, and each rank of
8-16 banks.
DRAM technology scaling, these key latency components
have stayed the same over the last two decades [32, 33].
The memory controller manages each bank independently
from others, hence all requests to a particular bank reside in a
dedicated per-bank queue inside the memory controller. The
memory controller routes memory requests to banks based
on their physical addresses by employing a manufacturer-
specific fixed hash function (referred to as a memory inter-
leaving scheme) that determines the destination bank based
on a subset of the memory request’s physical address.
To deliver maximum overall memory bandwidth, manu-
facturers choose the scheme that maximises the parallelism
across memory banks. For example, many processors use a
cache-block interleaving scheme that implies that accesses to
adjacent cache blocks are served from different banks. While
some manufacturers disclose memory interleaving informa-
tion, others keep this information proprietary [4, 40].
3 Threat Model
We assume a highly restricted setting that is similar to the
public cloud environment [2, 17, 21, 35]. Both sender and
receiver run either natively or in a virtual machine. They do
not have means to guarantee colocation on the same server,
and thus, might be unable to leverage one of the known local
(i.e., on the same node) covert channels. Furthermore, the
sender and receiver are not allowed to directly communicate
with each other over the network, as if the network is logically
separated. We assume that no privilege escalation is possible
and both the sender’s and the receiver’s applications have
normal user privileges. The applications are unable to alter any
of the existing firewall policies and do not have the capability
to observe the network traffic.
To establish a covert communication channel in this envi-
ronment, the sender and the receiver can instead communicate
via an intra-datacenter network by modulating local or remote
memory access latency. For example, both the sender and
the receiver may be able to allocate non-shared remote mem-
ory regions on one of the shared storage servers [34, 44], as
assumed by prior work [26]. The remote memory access la-
tency can be modulated by performing one-sided read and/or
write operations via RDMA. Ideally, the sender can allocate
remote memory on a receiver’s node, allowing the receiver
to observe memory access latency on its own server. How-
ever, this might be difficult to guarantee as the sender has no
knowledge where the receiver is running, and furthermore, is
unable to control where its remote memory is allocated by
the datacenter resource manager.
With Bankrupt, the sender and the receiver can communi-
cate by using the remote memory of one of the other nodes in
the cluster (further referred to as an intermediary), where both
sides can allocate remote memory. To find an intermediary,
both the sender and the receiver may request many storage
4
servers, periodically create and search for the modulated sig-
nal inside the remote memory of each server.
The intermediary is non-malicious and the attacker does
not have direct control over it. The sole requirement is that
the sender and the receiver need to have access to their corre-
sponding – private – memory regions that have been allocated
for their exclusive use with RDMA one-sided operations (i.e.,
remote reads and writes).
4 The Bankrupt Channel
The Bankrupt attack turns the main advantage of RDMA
networks – the direct access to remote memory – into a high-
rate stealthy communication channel that remains robust even
in the presence of noise arising from the network and other
innocuous co-running applications/VMs.
In this section, we describe the attack, introducing a cross-
network timing channel, and provide guidelines for setting
up the Bankrupt channel in an arbitrary RDMA-connected
cluster.
4.1 The Bankrupt Timing Channel
Direct access to remote memory enables the sender to cre-
ate a fast timing channel by modulating the access latency
to a single memory bank by selectively steering legitimate
network traffic to a small subset of memory addresses in the
intermediary’s memory.
The timing channel relies on a number of integration as-
pects of the RDMA NIC and the CPU in a modern server.
First, CPU and RDMA network cards are tightly integrated
via PCIe. This allows the network traffic to flow directly into
the destination CPU’s memory subsystem without any soft-
ware mediation from the destination CPU (§2.2). Second, the
memory bank addressing (memory interleaving) scheme is
static which enables a remote attacker to steer their network
traffic to a single memory bank (§2.3). Finally, the bandwidth
disparity between the 100-200Gb/s network and ~10Gb/s
memory bank enables a remote attacker to easily modulate
the access latency – of a single memory bank – by incurring
queuing at the target memory bank with excessive traffic.
To set up reliable communication, we use a unidirectional
communication protocol. The sender transmits information
as a synchronous analog signal by modulating, at a certain
frequency, the access time of a single bank that is located
in remote memory. By doing that, the sender modulates the
entire network round-trip delay, as observed by the receiver,
for those RDMA packets that go to the target bank in the
remote memory. To transmit a 1, the sender switches the
target memory bank to the contended state (i.e., high access
time during a period) by steering the network traffic in the
form of bursts of RDMA read operations to the bank3. To
3Cache blocks, accessed by RDMA reads, are not allocated in a CPU’s
transmit a 0, the sender does not issue network traffic, leaving
the bank in the uncontended state (i.e., low access time) for
the time period that is defined by the sending frequency.
To read the transmitted signal, the receiver issues probes,
which are normal RDMA read operations, at a certain fre-
quency to measure and record the observed remote memory
access latency. The sender splinters the messages into fixed-
sized packets with a pre-defined preamble as a packet header,
followed by a payload. The preamble contains a number of
bits that would indicate the beginning of a message to the re-
ceiver while the payload contains the transmitted information.
Transmission accuracy can be further improved by adding
error correction codes to the packet header, though we do not
take advantage of it in this work.
4.2 Bankrupt Setup Guidelines
To set up the channel, both the sender and the receiver need
to find a subset of remote memory addresses that belong to
the same memory bank in the intermediary’s memory – this
bank will serve as the actual timing channel. The sender needs
to adjust the size of the bursts of RDMA operations and to
select the appropriate sending frequency. The receiver needs
to tune its probing frequency. We next discuss each of these
requirements.
4.2.1 Identifying RDMA Addresses that Belong to the
Same Memory Bank
The sender and the receiver (which, together, we refer to as
the “attacker”) can use an arbitrary bank in the intermediary.
The choice of the bank is defined by the subset of the virtual
address bits (further referred to as bank bits), the value of
which tells the memory controller which bank to route a mem-
ory request to (§2.3). For simplicity, the attacker can set the
bank bits to a pre-defined value (e.g., all zeros). The attacker
(both the sender and the receiver can do it separately) just
needs to find any addresses with bank bits set to that value.
The attacker starts by locating the bank bits. These bits are
normally located in the least-significant, i.e., [0:X], part of the
address (§2.3) in order to balance the load across all available
banks. Hence, the attacker needs to derive X to locate the
positions of the bank bits.
Since modern computer systems manage memory at the
granularity of pages (Linux/x86 uses 4KB, 2MB, and 1GB
pages), a subset of least-significant bits (LSBs) in a virtual ad-
dress and the corresponding physical address are identical. In
RDMA-connected systems where low latency is a priority, the
vendors often use large, 2MB or 1GB, pages for remote mem-
ory to avoid the bulk of translation cache misses in RDMA
NICs [13, 37, 49, 57]. If 2MB or 1GB pages are used, vir-
tual and physical addresses share 20 or 30 LSBs, respectively.
Knowing just 20 LSBs is enough to locate the positions of
last-level cache to avoid cache pollution [23].
5
all the bits in a virtual address that identify a bank for some
systems while knowing 30 bits is enough for all the systems
that we, or prior work [40], tested.
The attacker can identify the positions of the bank bits in an
address by using a search algorithm, of the linear complexity
in the number of address bits, that we propose – by using
only RDMA read operations, i.e., without the need to run any
software on the intermediary node. First, the attacker chooses
a set of unique arbitrary virtual addresses that are 64-byte
(cache-block) aligned, i.e., the bits [0:5] in the address must
be zero while bits [6:63] have arbitrary (e.g., random) values.
The number of addresses needs to be big enough to not fit
in a CPU’s memory controller’s hardware buffer at once to
avoid coalescing requests to the same address. We find that a
set of 64 addresses is big enough for all the platforms that we
tested.
Second, the attacker starts to issue RDMA reads to those
addresses and estimates the network throughput that they gen-
erate, based on the number of RDMA reads that complete in a
period of time4. If the traffic exceeds the throughput of a sin-
gle memory bank (~1.2GB/s in our experiments), the memory
requests get served by several banks. Then, the attacker sets
bits [0:6] to zero and repeats the measurement and compares
the network throughput to the throughput of a single bank.
The procedure is repeated until the throughput converges that
would reveal the X parameter. Every iteration zeros up to 1
bank bit that cuts out a half of the banks, until the throughput
is equal to the throughput of a single bank. After knowing
the position of the bank bits (i.e., X), the attacker can use
any addresses that have identical address bits in the range of
[0:X].
4.2.2 Tuning Burst Characteristics
The sender modulates the access time of the target bank by
causing queuing effects in the bank’s queue inside the mem-
ory controller. To cause queuing, the sender issues bursts of
RDMA reads to the addresses of the data inside that bank. We
provide guidelines for the sender to shape the traffic to pro-
duce a robust signal that is visible across the RDMA network.
To guarantee visibility of the signal, the sender must issue
bursts that the target bank can drain in a large – microsecond-
scale – period of time. A memory bank serves read accesses
to any of these addresses serially and each one within a fixed
service time that is 39-45ns (§2.3). This enables the attacker
to accurately estimate the service time of a bank depending
on the queue depth. Given the predictability of the RDMA
network (§2.2), it becomes possible to modulate the RDMA
network round-trip delay with a high precision.
4The attacker requires no network traffic monitoring capabilities.
4.2.3 Tuning Sender’s and Receiver’s Frequency
To maximize the transmission bandwidth of the channel, the
sender needs to find the maximum frequency, i.e., the mini-
mum period, which depends on the time the target bank takes
to serve a burst as well as the level of noise in the system.
There are two types of noise that may impact Bankrupt’s
transmission speed and accuracy. First is the network traffic
that comes from other innocuous applications, which share
the same physical network, that may increase network delays.
The other type of noise is the memory traffic that comes from
innocuous software that runs on the intermediary that may
cause extra queuing at the memory banks.
To overcome the noise level, the sender may need to in-
crease the burst size so that the modulated delay is higher than
the noise level, i.e., maintain the signal/noise ratio more than
1. Hence, the sender should periodically adjust its frequency
according to the environment changes: larger bursts improve
the signal/noise ratio but take longer to drain which limits
the sending frequency. To determine the optimal sending fre-
quency, both the sender and the receiver measure the current
network round-trip time (that is the proxy of the noise level)
and determine the minimal required burst size for the current
noise level. Given the pre-defined preamble in packet headers,
the receiver can derive the sending frequency and adjust to its
changes.
The receiver needs to issue probes, in the form of RDMA
reads, to the intermediary’s bank to detect the transmitted sig-
nal. The probing frequency needs to be high enough to allow
the receiver to reconstruct the signal. To reliably detect that
the target bank is in the contended state, the receiver should
be able to perform several measurements of the round-trip
time per single sending period. Then, for each sending period,
the receiver computes the 80th percentile of the measurements
during that period, to discount the rising and falling edges
of the analog signal, and compares its value to the 95th per-
centile latency of the network round-trip in the absence of
the channel, to discount the rare RDMA network latency out-
liers (§2.2). If the former is larger than the latter, the receiver
records a 1, otherwise – a 0.
5 Methodology
We evaluate Bankrupt in terms of transmission bandwidth,
accuracy, and stealthiness.
We mount Bankrupt on a private cluster to examine the
performance in isolation and under various types of load. To
demonstrate the feasibility of the Bankrupt channel in a public
cloud, we evaluate it on CloudLab [9, 45] – a public cloud
in use by Computer Science researchers. We evaluated the
Bankrupt channel using CloudLab’s Utah cluster that connects
200 nodes with a high-speed RDMA network. At the time of
testing, the utilization of the nodes in the cluster was 80%. The
specifications of our private cluster and the CloudLab Utah
6
Private Cluster CloudLab Utah
CPU
Xeon E5-2630v4
@2.20GHz
(Broadwell)
Xeon E5-2640v4
@2.40GHz
(Broadwell)
RAM 4×16GB, DDR4-2400 4×16GB, DDR4-2400
NIC
Mellanox MT27800
CX-5, 56Gb/s
Mellanox MT27710
CX-4 Lx, 50Gb/s
Core
switches — 1 Mellanox 2700
ToR
switches Mellanox SX6012 5 Mellanox 2410
OS Ubuntu 18.04 Ubuntu 16.04
Kernel 4.15.0-58-generic 4.15.0-88-generic
Nodes 6 200
Table 1: Specifications of studied platforms.
cluster are presented in Table 1. Similarly to prior work [40],
we enable 1GB large pages on our experimental platforms as
they are widely used in RDMA deployments [37, 49, 57]. In
all of our experiments, the sender and the receiver use RDMA
reads of 64 Bytes.
To evaluate the bandwidth and accuracy of a transmission
through the Bankrupt channel, we send a repeating message of
11001010. We use a constant 32-bit long preamble of 10..10
to tune the decoder before decoding the payload of 200 bits
in all experiments, unless stated otherwise. We report trans-
mission bandwidth as raw channel bandwidth discounting
preambles. We measure accuracy as the fraction of correctly
decoded bits in the message that we are sending. We keep the
receiver’s frequency set to 500ns in all our experiments as we
found that its impact on accuracy is rather moderate.
6 Evaluation
In this section we demonstrate the properties of the Bankrupt
attack in isolation and under various types of load. We con-
clude the section with an evaluation of the stealthiness char-
acteristics of the channel and its performance in a realistic
datacenter environment.
6.1 Performance in Isolation
Following the algorithm in §4.2.1, we found that the bank bits
are located at the positions of bits [6:26] in the address.
Figure 3 shows that the latency gap for burst size of 32 is
around 0.5 microsecond that is the minimal burst size that
allows signal decoding. By increasing the burst size to 128,
the latency gap becomes twice bigger that is comparable to
the network round-trip, making the signal more profound.
Figure 4 indicates that there is a trade-off between the trans-
mission bandwidth and the accuracy of the channel. A larger
burst size causes longer queues at the intermediary’s bank
(a) Burst size 32
(b) Burst size 64
(c) Burst size 128
Figure 3: Signal observed by the receiver in isolation in our
private cluster.
that increases the latency gap between the bank’s contended
and uncontended states, increasing the accuracy. However,
draining longer queues decreases the transmission frequency,
reducing the bandwidth of the channel.
We find that the burst size of 32 delivers best throughput
and accuracy characteristics of the channel in our private
cluster: about 137 Kb/s bandwidth with the accuracy of 95%.
6.2 Performance Under Load
To evaluate the channel in the presence of noise, we model
both the noise coming from other workloads scheduled on the
intermediary’s CPU and network traffic.
7
Figure 4: Transmission bandwidth and accuracy of the
Bankrupt covert channel in isolation and in CloudLab.
Figure 5: Signal observed by the receiver in the presence of
local load in our private cluster. The burst size is 32.
6.2.1 Local Load
To model the local load in the intermediary’s memory, we
launch 16 instances of the mcf benchmark, taken from the
popular SPEC 2006 benchmark suite [20], on the intermedi-
ary node. mcf is the most memory-intensive benchmark from
that suite [24]. 16 instances of mcf that together generate a
variable load on the intermediary’s memory ranging from
2GB/s to 8GB/s. This is equal to 32MB/s to 128MB/s for
each bank, assuming that on average the load spreads evenly
among banks.
Figure 5 shows the signal observed by the receiver for the
burst size of 32 in the presence of the local load. The signal
is indistinguishable from the one observed in isolation for
the same burst size (Figure 3). The throughput and the error
remain the same as in the isolated performance. The channel
is unaffected by other workloads running on the intermedi-
ary because each individual bank receives a relatively small
amount of traffic, since the load spreads out to all banks in
the system (§2.3).
6.2.2 Network Load
To model network load on the intermediary, we use the
ib_read_bw benchmark, which is part of the RDMA Perftest
(a) Burst size 32
(b) Burst size 128
Figure 6: Signal observed by the receiver in the presence of
network load in the private cluster.
[31]. We launch ib_read_bw from a node, which is different
from the three nodes we use for the channel. The network
loader generates network traffic to the intermediary, loading
the network link, top-of-the-rack switch, and the NIC of the
intermediary.
The network loader generates network bandwidth directed
to the intermediary. The generated load is equal to ~40Gb/s
which is around 70% of the intermediary’s total link band-
width.
Figure 6 shows the signal observed by the receiver in the
presence of network load. With the burst size of 32, the signal
is noisy, which prevents signal decoding because the round-
trip delay, recorded by the receiver, often spikes to 3 microsec-
onds. However, with the burst size of 128, the signal is clearly
visible atop of the noise as the latency gap between contended
and uncontended states of the bank exceeds 1 microsecond.
For the burst size of 128, the channel achieves a throughput
of 70 Kb/s and 93% accuracy. For the burst size of 64, the
channel’s bandwidth is 96 Kb/s with an accuracy of 85%.
Compared to the best performance in isolation, the throughput
decreases by 30%.
One can conclude that the channel remains robust in the
presence of the network load provided that the size of the
bursts is adjusted accordingly. Our experiments suggest that
the accuracy drop can be significantly mitigated at the cost of
a moderate degradation in the transmission bandwidth.
8
Burst 1024 512 256 128 64 32 16
Traffic 1.04 0.97 0.82 0.67 0.48 0.31 0.18
Table 2: Memory traffic (in GB/s) generated by the Bankrupt
channel, depending on the burst size, on the intermediary. The
maximum measured bandwidth per bank is 1.22GB/s.
6.3 Stealthiness
We measure the stealthiness of Bankrupt by transmitting 1s to
cause maximum memory bandwidth pressure at the interme-
diary (because transmitting 0s does not generate traffic). We
use Perf [12] to monitor the memory traffic on the interme-
diary. We use aggregate CPU counters, as, to the best of our
knowledge, there are no CPUs that feature CPU counters that
account for memory requests at the memory bank granularity.
Table 2 shows the memory traffic that is generated by an
active Bankrupt channel on the intermediary. For the burst
sizes of 32 and 128, the attack generates memory bandwidth
of 0.31GB/s and 0.67GB/s, accordingly. For modern CPUs,
which feature 20-32GB/s per channel thanks to the many
memory banks, the attack increases their memory bandwidth
counters negligibly.
We use a random-access microbenchmark that measures
the memory access latency individually using rdtsc regis-
ter with and without the active Bankrupt channel. Figure 7
demonstrates the median and the tail memory latency on our
cluster while the channel is not active and while the channel is
active with different burst sizes. The 99th percentile increases
by less than 10% between the unloaded case and burst size
128. For burst size 32, the 99.9th and the 99.99th percentiles
increase by approximately 20% and 70%, respectively. For
burst sizes of 512 and larger, the 99.9th and 99.99th percentiles
increase from 200% to 400%, but such large bursts are not
necessary to transmit a message, as we show in §6.1.
Overall, the Bankrupt attack influences only very high per-
centiles of the memory access time, and injects negligible
memory traffic, that are challenging to monitor even in the
absence of other workloads scheduled on the intermediary’s
CPU, or other types of the system noise, that renders the attack
virtually undetectable.
6.4 Public Cloud Performance
Similarly to the experiments in the private cluster, we iden-
tified that the bank bits on CloudLab’s servers are located at
the positions of bits [6:27] in the address.
As expected for a public cloud, we found that CloudLab’s
network is more noisy than our private cluster in isolation
(§6.1), however less noisy than in the adversarial scenario
where we inject network noise with a network loader bench-
mark (§6.2.2). To stabilize the signal for efficient decoding
on CloudLab, we use a smaller 100-bit payload size while
keeping the preamble of the same 32-bit size.
Burst Size
La
te
nc
y 
(n
s)
0
500
1000
1500
2000
2500
20
48
10
2451
2
25
6
12
8643216840
99.99 99.9 99 90 50
Figure 7: Local memory access latency percentiles recorded
on the intermediary during active communication over the
Bankrupt channel. Burst size of 0 stands for no active channel.
Lines for the 90th and for 50th percentiles appear overlapping.
Figure 4 shows that the channel achieves ~40% less trans-
mission bandwidth than in the private cluster with almost the
same accuracy. This bandwidth reduction can be attributed to
two factors: first, the network round-trip in CloudLab is larger
due to its scale, and, second, we reduced the payload size in a
packet, devoting 13% more of the channel’s raw bandwidth
for transmitting headers (i.e., preambles). We find that the
minimal burst size that allows decoding is 32 that is equal
to the minimum burst size in our experiments in the private
cluster. With the burst size of 32, Bankrupt provides 99Kb/s
transmission bandwidth with 96% accuracy. Increasing the
burst size to 128 allows to increase the transmission accuracy
to 99% while still providing 55Kb/s transmission bandwidth.
7 Detection and Mitigation
Bankrupt does not impact the local memory access time, up
to the 99th percentile (§6.3). Available CPU counters account
memory requests per memory controller that is too coarse-
grain to reliably detect memory traffic spikes of <1GB/s to
one of the memory banks. We propose adding per-bank CPU
counters to detect the load skew at a finer granularity. How-
ever, even though these counters are likely to reveal the attack
happening, they would not allow to track down the source of
the attack because many applications within the same RDMA
network may have access to the remote memory on the inter-
mediary node simultaneously.
We anticipate that architectural changes of the CPU are
required to close the Bankrupt channel. As we showed in
§6, the Bankrupt channel is robust to different types of noise
so noise injection is unlikely to be an effective preventive
9
measure. Instead, we suggest eliminating the root cause of the
vulnerability that is the static memory interleaving scheme
that RDMA exposes to an attacker. Hence, CPU architects
may consider using a cryptographic block-cipher function,
that a memory controller can use for routing memory requests
to memory banks, instead of the static one. Using a crypto-
graphic function would significantly complicate the search of
addresses that belong to one bank (§4.2.1). Prior work demon-
strate that a block-cipher ASIC can perform an encryption
operation (e.g., for routing memory requests) in as little as
10ns, and integrating these ASICs inside memory controllers
would come at the cost of <0.1% silicon area for a modern
CPU [7]. Compared to the memory access latency of a modern
CPU, which is normally slightly over 100ns [1], we anticipate
a moderate performance impact both for the software that
runs locally on the CPU and the RDMA network latency.
8 Responsible Disclosure & Code Availability
We responsibly disclosed the vulnerability to Intel on January
27th 2020, and provided our proof-of-concept code to their
security team that confirmed that "an adversary can exfiltrate
information leveraging the Bankrupt attack". However, Intel’s
response highlighted that Intel provide no security guarantees
if RDMA-equipped servers are available for use of untrusted
parties, i.e., in a public cloud. We disclosed our work to Mi-
crosoft Azure’s security team that "determined that the attack
does not pose a risk to Azure infrastructure due to their archi-
tectural decisions". We plan to publicly release the necessary
proof-of-concept code by the time this work is published.
9 Related Work
Single-CPU covert channels. Wu et al. [51] constructs a ro-
bust covert channel between virtual machines on different
cores of the same node by locking the memory bus with
atomic operations. The DRAMA covert channel is based on
the timing difference of row buffer hits and misses at DRAM
memory banks [40]. Similar to this work, DRAMA reverse-
engineers, using a brute-force search approach, the exact po-
sitions and functions of all the bits in a memory address but
does so by running software on the target node directly. In
contrast, our method allows to retrieve the positions of all
the bits that identify memory banks, in a time linear in the
number of address bits that is fast in practice, which is neces-
sary to locate addresses in memory banks, across an RDMA
network. Contrary to the above memory-based channels, the
Bankrupt timing channel relies on inducing queuing effects
in the per-bank queues inside a memory controller.
Masti et al. leverage the heat that CPU cores emit to
establish covert communication [29]. Xiao et al. exploit
memory deduplication to construct a covert channel in
a virtualized environment [52, 53]. Other works rely on
accesses to private [39] and shared CPU caches [28, 30],
including the use of clflush instructions [16]. In contrast
to all these channels, Bankrupt overcomes the requirement
of colocating the sender and the receiver on the same CPU,
enabling covert communication across an RDMA network.
Cross-network covert channels. Ovadya et al. exploit the
design of network protocols such as ARP, SSH, an ICMP to
construct covert channels in routers in TCP/IP networks [38].
Tahir et al. design a covert channel exploiting network links
and routers sharing across virtual networks [46]. Both of these
channels deliver transmission bandwidth below 2 Kb/s in con-
trast to 99Kb/s provided by Bankrupt. Recent works have
discovered covert channels in modern RDMA deployments.
Pythia [47] demonstrates a timing channel in the NIC-internal
translation buffer. The channel requires the use of small (e.g.,
4KB) pages for the RDMA-exposed regions while the use
of large pages is widespread in settings where low latency is
a priority [13, 17, 37, 49, 57]. The use of large pages imme-
diately exposes the system to the Bankrupt attack. NetCAT
designs a covert channel by leveraging Intel Data-Direct I/O
(DDIO) [23] that allows buffering of RDMA packets in the
destination’s CPU’s last-level cache [26]. Contrary to Net-
CAT, Bankrupt cannot be mitigated by disabling DDIO as its
timing channel resides in the memory controller.
10 Conclusion
Covert channels enable sensitive data exfiltration, bypassing
information containment measures, from a secure cloud envi-
ronment to the outside world. From the attacker’s perspective,
an ideal covert channel should be general enough to unlock
high-rate data transfers of an arbitrary size across a wide-area
while remaining undetectable from a cloud vendor’s monitor-
ing capabilities. Our work introduces Bankrupt, a high-rate
cross RDMA-network covert channel, that meets all of these
requirements, by allowing the spy (sender) and the receiver
malware, running on different nodes in the network, to com-
municate via the remote memory that is hosted on a third –
innocuous – node in the same network.
We showcase that Bankrupt delivers up to 99Kb/s trans-
mission bandwidth with 96% accuracy in a large-scale public
cloud environment inside the Cloudlab datacenter facility, and
up to 137Kb/s with the accuracy of 95% in our private cluster.
We demonstrate that Bankrupt remains highly robust even
in a noisy environment while remaining stealthy to anomaly
monitoring capabilities, like CPU counters.
References
[1] 7-Zip LZMA Benchmark. Available at https://www.7-
cpu.com.
10
[2] Alibaba. Alibaba Builds High-Speed RDMA Network
for AI and Scientific Computing, 2019. Available at
https://www.alibabacloud.com/blog/alibaba-
builds-high-speed-rdma-network-for-ai-and-
scientific-computing_594895.
[3] AMD. AMD EPYC 7002 Series Processors. Avail-
able at https://www.amd.com/en/processors/epyc-
7002-series.
[4] AMD. BIOS and Kernel Developer’s Guide (BKDG)
for AMD Family 16h Models 30h-3Fh Processors.
Available at https://www.amd.com/system/files/
TechDocs/52740_16h_Models_30h-3Fh_BKDG.pdf.
[5] AWS. Placement groups. Available at
https://docs.aws.amazon.com/AWSEC2/latest/
UserGuide/placement-groups.html.
[6] Azure. Announcing the general availability
of proximity placement groups. Available at
https://azure.microsoft.com/en-us/blog/
announcing-the-general-availability-of-
proximity-placement-groups.
[7] Christof Beierle, Jérémy Jean, Stefan Kölbl, Gregor Le-
ander, Amir Moradi, Thomas Peyrin, Yu Sasaki, Pascal
Sasdrich, and Siang Meng Sim. The skinny family of
block ciphers and its low-latency variant mantis. In
Annual International Cryptology Conference. Springer,
2016.
[8] Xiaoqi Chen, Shir Landau Feibish, Yaron Koral, Jennifer
Rexford, and Ori Rottenstreich. Catching the microburst
culprits with snappy. SelfDN 2018 - Proceedings of the
2018 Afternoon Workshop on Self-Driving Networks,
Part of SIGCOMM 2018, 2018.
[9] CloudLab. CloudLab. Available at https://
www.cloudlab.us.
[10] Cybersecurity Insiders. Top 5 cloud se-
curity related data breaches! Available at
https://www.cybersecurity-insiders.com/top-
5-cloud-security-related-data-breaches.
[11] Richard Cziva, Christopher Lorier, and Dimitrios P.
Pezaros. Ruru: High-speed, flow-level latency mea-
surement and visualization of live internet traffic.
SIGCOMM Posters and Demos 2017 - Proceedings
of the 2017 SIGCOMM Posters and Demos, Part of
SIGCOMM 2017, 2017.
[12] Arnaldo Carvalho De Melo. The new linux’perf’tools.
In Slides from Linux Kongress, 2010.
[13] Aleksandar Dragojevic´, Dushyanth Narayanan, Miguel
Castro, and Orion Hodson. Farm: Fast remote memory.
In 11th {USENIX} Symposium on Networked Systems
Design and Implementation ({NSDI} 14), 2014.
[14] EasyJet. EasyJet hacked for four months, data on
9 million customers and 2,000 credit cards stolen.
Available at https://www.forbes.com/sites/
thomasbrewster/2020/05/19/easyjet-hacked-
9-million-customers-and-2000-credit-cards-
hit.
[15] Fortune. LinkedIn lost 167 million account
credentials in data breach. Available at
https://fortune.com/2016/05/18/linkedin-
data-breach-email-password.
[16] Daniel Gruss, Clémentine Maurice, Klaus Wagner, and
Stefan Mangard. Flush+Flush: A fast and stealthy cache
attack. In International Conference on Detection of
Intrusions and Malware, and Vulnerability Assessment.
Springer, 2016.
[17] Chuanxiong Guo, Haitao Wu, Zhong Deng, Gaurav Soni,
Jianxi Ye, Jitu Padhye, and Marina Lipshteyn. RDMA
over commodity ethernet at scale. In Proceedings of the
2016 ACM SIGCOMM Conference, 2016.
[18] Health IT Security. The 10 biggest healthcare
data breaches of 2019, so far. Available at https:
//healthitsecurity.com/news/the-10-biggest-
healthcare-data-breaches-of-2019-so-far.
[19] Healthcare IT News. Data on 150,000 patients
exposed in another misconfigured AWS bucket.
Available at https://www.healthcareitnews.com/
news/data-150000-patients-exposed-another-
misconfigured-aws-bucket.
[20] John L. Henning. SPEC CPU2006 benchmark descrip-
tions. ACM SIGARCH Computer Architecture News,
(4), 2006.
[21] Huawei. Huawei launches Mellanox-based InfiniBand
EDR 100 Gbps switch solution, 2016. Available
at https://www.huawei.com/en/press-events/
news/2016/6/Mellanox-Based-InfiniBand-EDR-
100Gbps-Switch-Solution.
[22] Information Age. Addressing the issue of
data leakage from the cloud. Available at
https://www.information-age.com/addressing-
data-leakage-cloud-123486781.
[23] Intel. Intel Data Direct I/O Technology (In-
tel DDIO): A Primer. Available at https:
//www.intel.com/content/dam/www/public/
us/en/documents/technology-briefs/data-
direct-i-o-technology-brief.pdf.
11
[24] Aamer Jaleel. Memory characterization of work-
loads using instrumentation-driven simulation, 2010.
Available at http://www.jaleels.org/ajaleel/
publications/SPECanalysis.pdf.
[25] Raj Joshi, Ting Qu, Mun Choon Chan, Ben Leong,
and Boon Thau Loo. BurstRadar: Practical real-
time microburst monitoring for datacenter networks.
In Proceedings of the 9th Asia-Pacific Workshop on
Systems, 2018.
[26] Michael Kurth, Ben Gras, Dennis Andriesse, Cristiano
Giuffrida, Herbert Bos, and Kaveh Razavi. NetCAT:
Practical cache attacks from the network, 2020.
[27] Butler W. Lampson. A note on the confinement problem.
Communications of the ACM, (10), 1973.
[28] Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and
Ruby B. Lee. Last-level cache side-channel attacks are
practical. In 2015 IEEE symposium on security and
privacy. IEEE, 2015.
[29] Ramya Jayaram Masti, Devendra Rai, Aanjhan Ran-
ganathan, Christian Müller, Lothar Thiele, and Srd-
jan Capkun. Thermal covert channels on multi-core
platforms. In 24th {USENIX} Security Symposium
({USENIX} Security 15), 2015.
[30] Clémentine Maurice, Christoph Neumann, Olivier Heen,
and Aurélien Francillon. C5: Cross-cores cache covert
channel. In DIMVA, 2015.
[31] Mellanox. Mellanox Perftest Package, 2017. Available
at https://community.mellanox.com/s/article/
perftest-package.
[32] Micron. Micron DDR2 SDRAM datasheet.
Available at http://www.micron.com/-/media/
documents/products/data%20sheet/dram/ddr2/
2gb_ddr2.pdf.
[33] Micron. Micron DDR4 SDRAM datasheet. Available
at https://www.micron.com/-/media/client/
global/documents/products/data-sheet/dram/
ddr4/8gb_ddr4_sdram.pdf.
[34] Microsoft. SMB-Direct. Available at
https://docs.microsoft.com/en-us/windows-
server/storage/file-server/smb-direct.
[35] Microsoft. Availability of Linux RDMA
on Microsoft Azure, 2015. Available at
https://azure.microsoft.com/en-gb/blog/
azure-linux-rdma-hpc-available.
[36] Microsoft. Introducing the new HBv2 Azure virtual
machines for high-performance computing, 2019.
Available at https://azure.microsoft.com/en-
us/blog/introducing-the-new-hbv2-azure-
virtual-machines-for-high-performance-
computing.
[37] Stanko Novakovic, Yizhou Shan, Aasheesh Kolli,
Michael Cui, Yiying Zhang, Haggai Eran, Boris Pis-
menny, Liran Liss, Michael Wei, Dan Tsafrir, and Mar-
cos Aguilera. StoRM: A fast transactional dataplane for
remote data structures. SYSTOR 2019 - Proceedings
of the 12th ACM International Systems and Storage
Conference, 2019.
[38] Adar Ovadia, Rom Ogen, Yakov Mallah, Niv Gilboa,
and Yossi Oren. Cross-router covert channels. In
13th USENIX Workshop on Offensive Technologies
(WOOT 19), Santa Clara, CA, August 2019. USENIX
Association.
[39] Colin Percival. Cache missing for fun and profit, 2005.
[40] Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael
Schwarz, and Stefan Mangard. DRAMA: Exploiting
DRAM addressing for cross-CPU attacks. In 25th
{USENIX} Security Symposium ({USENIX} Security
16), 2016.
[41] Diana Andreea Popescu and Andrew W. Moore.
PTPmesh: Data Center Network Latency Measure-
ments Using PTP. In Proceedings - 25th IEEE
International Symposium on Modeling, Analysis and
Simulation of Computer and Telecommunication
Systems, MASCOTS 2017. IEEE, sep 2017.
[42] Diana Andreea Popescu and Andrew W. Moore. A
first look at data center network condition through the
eyes of PTPmesh. In TMA 2018 - Proceedings of
the 2nd Network Traffic Measurement and Analysis
Conference, 2018.
[43] Joel Reardon, Álvaro Feal, Primal Wijesekera, Amit
Elazari Bar On, Narseo Vallina-Rodriguez, and Serge
Egelman. 50 Ways to Leak Your Data: An exploration of
apps’ circumvention of the android permissions system.
In 28th {USENIX} Security Symposium ({USENIX}
Security 19), 2019.
[44] RedHat. NFS over RDMA. Available at
https://access.redhat.com/documentation/
en-us/red_hat_enterprise_linux/6/html/
storage_administration_guide/nfs-rdma.
[45] Robert Ricci, Eric Eide, and CloudLab Team. Introduc-
ing CloudLab: Scientific infrastructure for advancing
cloud architectures and applications. The magazine of
USENIX & SAGE, (6), 2014.
12
[46] Rashid Tahir, Mohammad Taha Khan, Xun Gong, Ad-
nan Ahmed, Amiremad Ghassami, Hasanat Kazmi,
Matthew Caesar, Fareed Zaffar, and Negar Kiyavash.
Sneak-peek: High speed covert channels in data cen-
ter networks. In IEEE INFOCOM 2016-The 35th
Annual IEEE International Conference on Computer
Communications. IEEE, 2016.
[47] Shin-Yeh Tsai, Mathias Payer, and Yiying Zhang.
Pythia: Remote oracles for the masses. In 28th
USENIX Security Symposium (USENIX Security 19),
Santa Clara, CA, August 2019. USENIX Association.
[48] UpGuard. What are cloud leaks? Available at https:
//www.upguard.com/blog/what-are-cloud-leaks.
[49] Zhi Wang, Xiaoliang Wang, Zhuzhong Qian, Baoliu
Ye, and Sanglu Lu. RDMAvisor: Toward Deploying
Scalable and Simple RDMA as a Service in Datacenters.
CoRR, 2018.
[50] Wired. Hack Brief: 4-year-old Dropbox hack
exposed 68 million people’s data. Available at
https://www.wired.com/2016/08/hack-brief-
four-year-old-dropbox-hack-exposed-68-
million-peoples-data.
[51] Zhenyu Wu, Zhang Xu, and Haining Wang. Whis-
pers in the hyper-space: High-bandwidth and reliable
covert channel attacks inside the cloud. IEEE/ACM
Transactions on Networking, (2), 2014.
[52] Jidong Xiao, Zhang Xu, Hai Huang, and Haining Wang.
A covert channel construction in a virtualized environ-
ment. In Proceedings of the 2012 ACM conference on
Computer and communications security, 2012.
[53] Jidong Xiao, Zhang Xu, Hai Huang, and Haining Wang.
Security implications of memory deduplication in a vir-
tualized environment. In 2013 43rd Annual IEEE/IFIP
International Conference on Dependable Systems and
Networks (DSN). IEEE, 2013.
[54] Yuval Yarom and Katrina Falkner. FLUSH+RELOAD:
A high resolution, low noise, L3 cache side-channel
attack. In 23rd {USENIX} Security Symposium
({USENIX} Security 14), 2014.
[55] ZDNet. Hacker leaks passwords for more than
500,000 servers, routers, and IoT devices. Available at
https://www.zdnet.com/article/hacker-leaks-
passwords-for-more-than-500000-servers-
routers-and-iot-devices.
[56] Yunqi Zhang, David Meisner, Jason Mars, and Lingjia
Tang. Treadmill: Attributing the source of tail latency
through precise load testing and statistical inference.
Proceedings - 2016 43rd International Symposium on
Computer Architecture, ISCA 2016, 2016.
[57] Peipei Zhou, Zhenyuan Ruan, Zhenman Fang, Megan
Shand, David Roazen, and Jason Cong. Doppio: I/O-
aware performance analysis, modeling and optimization
for in-memory computing framework. Proceedings -
2018 IEEE International Symposium on Performance
Analysis of Systems and Software, ISPASS 2018,
(March), 2018.
13
