Write plus Sync: Software Cache Write Covert Channels Exploiting Memory-Disk Synchronization

Memory-disk synchronization is a critical technology for ensuring data correctness, integrity, and security, especially in systems that handle sensitive information like financial transactions and medical records. We propose Write+Sync, a group of attacks that exploit the memory-disk synchronization primitives. Write+Sync works by subtly varying the timing of synchronization on a software cache (i.e., the write buffer), offering two advantages: 1) implemented purely in software, enabling deployment on any hardware devices; 2) resilient against existing countermeasures. We present the principles of Write+Sync through the implementation of two write covert channel protocols, using either a single file or page, and introduce three enhanced strategies that utilize multiple files and pages. The feasibility of these channels is demonstrated in both cross-process and cross-sandbox scenarios across diverse operating systems (OSes). Experimental results show that, the average rate can reach 2.036 Kb/s (with a peak rate of 14.762 Kb/s) and the error rate is 0% on Linux; when running on macOS, the average rate achieves 10.211 Kb/s (with a peak rate of 253.022 Kb/s) and the error rate is 0.004%. To show its security implications, we evaluate it using two case studies-website fingerprinting and performance degradation attacks. To the best of our knowledge, Write+Sync is the first high-speed write covert channel for software cache.