Scientists have built a variety of covert channels for secretive information transmission with CPU cache and main memory. In this paper, we turn to a lower level in the memory hierarchy, i.e., persistent storage. Most programs store intermediate or eventual results in the form of files, and some of them call fsync to synchronously persist a file to the storage device for orderly persistence. Our quantitative study shows that one program experiences a significantly longer response time for its fsync call if another program is concurrently calling fsync, although they do not share any data. We further find that concurrent fsync calls contend at multiple levels of the storage stack due to shared software structures (e.g., Ext4's journal) and hardware resources (e.g., the disk's I/O dispatch queue). We accordingly build a covert channel named Sync+Sync. Sync+Sync delivers a transmission bandwidth of 20,000 bits per second at an error rate of about 0.40% with an ordinary solid-state drive. Sync+Sync can be conducted in cross-disk partition, cross-file system, cross-container, cross-virtual machine, and even cross-disk drive fashions, without sharing data between programs. Next, we launch side-channel attacks with Sync+Sync and manage to precisely detect operations of a victim database (e.g., insert/update and B-Tree node split). We also leverage Sync+Sync to distinguish applications and websites with high accuracy by detecting and analyzing their fsync frequencies and flushed data volumes. These attacks are useful to support further fine-grained information leakage.
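The abstract ties both the channel and the fingerprinting attacks to fsync frequency and flushed data volume, so a defender can audit the same two signals per process. The sketch below is an added example, not code from the paper: the trace format, process names and thresholds are constructed assumptions, and the rule (many fsyncs per second with little data per call) is a heuristic rather than the authors' method.

```python
from collections import defaultdict

def make_trace():
    """Constructed fsync trace: '<time_s> <pid> <comm> <bytes_flushed>' per call."""
    lines = [f"{i * 0.0005:.4f} 4100 worker 4096" for i in range(2000)]  # tight sync loop
    lines += [f"{i * 0.05:.4f} 220 dbserver 65536" for i in range(40)]   # steady commits
    lines.append("0.7000 310 editor 12288")                              # one file save
    return lines

def fsync_profile(lines, window_s=1.0):
    """Map (pid, comm) -> {window index: [fsync count, total bytes flushed]}."""
    prof = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in lines:
        ts, pid, comm, nbytes = line.split()
        cell = prof[(int(pid), comm)][int(float(ts) // window_s)]
        cell[0] += 1
        cell[1] += int(nbytes)
    return prof

def flag_heavy_syncers(lines, window_s=1.0, max_rate=500.0, small_flush=8192):
    """Flag windows with many fsyncs per second but little data per fsync.

    max_rate and small_flush are assumed thresholds; calibrate per host.
    """
    flagged = []
    for (pid, comm), windows in sorted(fsync_profile(lines, window_s).items()):
        for w, (count, total) in sorted(windows.items()):
            rate, mean_bytes = count / window_s, total / count
            if rate > max_rate and mean_bytes <= small_flush:
                flagged.append((pid, comm, w, rate, mean_bytes))
    return flagged

if __name__ == "__main__":
    for pid, comm, w, rate, mean_bytes in flag_heavy_syncers(make_trace()):
        print(f"pid={pid} comm={comm} window={w} "
              f"fsync/s={rate:.0f} mean_bytes={mean_bytes:.0f}")
```

A flagged window is a lead for review rather than proof of a channel, since legitimate journaling-heavy workloads can cross a poorly calibrated threshold.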