> VMs sharing hardware could talk to each other using the CPU cache
That sounds similar to a paper I read ~20 years ago that described a way to move data from a high privilege process, bypassing mandatory access control (>= TCSEC B), using page faults as a covert channel.
> it happens to run on the same soc as feature y that talk to the can bus
I wonder how many people will have to die to teach car manufacturers the lesson that there shouldn't be any electrical connection at all from the internet to the breaks.
Yep. The TCSEC had covert channel analysis as a requirement. Actually, two of the products (GEMSOS, STOP OS) certified at A1 can still be OEM licensed today in some form with a third (SNS Server) only sold to defense sector. They have plenty of competition, too, in MILS space. Solutions exist.
That sounds similar to a paper I read ~20 years ago that described a way to move data from a high privilege process, bypassing mandatory access control (>= TCSEC B), using page faults as a covert channel.
> it happens to run on the same soc as feature y that talk to the can bus
I wonder how many people will have to die to teach car manufacturers the lesson that there shouldn't be any electrical connection at all from the internet to the breaks.