System and method for uncovering covert timing channels

The invention claimed is: 1. A method for detecting a covert timing channel in a hardware device having a plurality of a memory hardware structures, the method comprising: selecting, by an instruction set architecture having a special instruction, a memory hardware structure from the plurality of memory hardware structures; identifying by a conflict miss tracker hardware, cache conflict miss events at the selected memory hardware structure, said identifying comprising: tracking by the conflict miss tracker hardware, generations comprising a set of cache blocks that are recently accessed for the selected memory hardware structure, wherein a set of generation bits are within the metadata for each cache block; recording by a bloom filter, replaced cache blocks in the cache block generation for the selected memory hardware structure; and identifying at the conflict miss tracker hardware, an event comprising a conflict miss when the bloom filter records a replaced cache block that was replaced by a more recently accessed cache block in the same generation or a younger generation; constructing an event train based on those cache conflict miss events identified by the conflict miss tracker hardware; detecting in the event trains on the conflict miss tracker hardware, oscillating patterns in the event train; determining by the conflict miss tracker hardware, that a covert timing channel exists on the selected memory hardware structure at a microarchitecture-level if an oscillatory pattern is detected. 2. A system for detecting a covert timing channel on hardware device having a plurality of memory hardware structures, said system comprising: an instruction set architecture having a special instruction to select a memory hardware structure from the plurality of memory hardware structures; a conflict miss tracker hardware configured to identify cache conflict miss events for the selected memory hardware structure, construct an event train based on those events, detect oscillatory patterns in the event train, and determine that a covert timing channel exists on the selected memory hardware structure at a microarchitecture-level if an oscillatory pattern is detected, wherein said conflict miss tracker hardware comprises: a set of generation bits within the metadata for each cache block configured to track generations, each generation comprising a set of cache blocks that are recently accessed for the selected memory hardware structure; a bloom filter configured to record replaced cache blocks in said cache block generation for the selected memory hardware structure; and wherein said conflict miss tracker hardware identifies an event comprising a conflict miss when said bloom filter records a replaced cache block that was replaced by a more recently accessed cache block in the same generation or a younger generation. 3. The system of claim 2 , wherein the selected memory hardware structure comprises one of an instruction cache, data cache, and a level-2 cache. 4. The system of claim 2 , wherein said special instruction selects a subset of memory hardware structures from the plurality of memory hardware structures, the subset of memory hardware structures comprising a plurality of selected memory hardware structures; and wherein said conflict miss tracker hardware identifies events, constructs an event train, detects oscillatory patterns, and determines that a covert timing channel exists, for each one of the subset of selected memory hardware structures. 5. A system for detecting a covert timing channel in a hardware device having a plurality of combinational hardware structures and a plurality of memory hardware structures, said system comprising: an instruction set architecture having a special instruction to select one or more combinational hardware structures from the plurality of combinational hardware structures, and one or more memory hardware structures from the plurality of memory hardware structures; a monitor hardware configured to monitor the selected one or more combinational hardware structures at a microarchitecture-level, accumulate microarchitecture-level events at the selected one or more combinational hardware structures, construct an event train based on those accumulated microarchitecture-level events, detect recurrent burst patterns in the event train, and determine that a covert timing channel exists on the selected one or more combinational hardware structures at a microarchitecture-level if a recurrent burst pattern is detected; and a conflict miss tracker hardware configured to identify cache conflict miss events for the selected one or more memory hardware structures, construct an event train based on those identified events, detect oscillatory patterns in the event train, and determine that a covert timing channel exists on the selected one or more memory hardware structures at a microarchitecture-level if an oscillatory pattern is detected, wherein said conflict miss tracker hardware comprises: a set of generation bits within the metadata for each cache block configured to track generations, each generation comprising a set of cache blocks that are recently accessed for the selected memory hardware structure; a bloom filter configured to record replaced cache blocks in said cache block generation for the selected memory hardware structure; wherein said conflict miss tracker hardware identifies an event comprising a conflict miss when said bloom filter records a replaced cache block that was replaced by a more recently accessed cache block in the same generation or a younger generation. 6. The system of claim 5 , wherein event information pertaining to the plurality of combinational hardware structures is accumulated in one or more registers. 7. The system of claim 5 , wherein event information pertaining to the plurality of memory hardware structures is accumulated in one or more vector registers. 8. The system of claim 5 , wherein the plurality of combinational hardware structures each comprise one of an integer arithmetic unit, floating point unit, a memory bus controller, and an interconnect. 9. The system of claim 5 , wherein said monitor hardware detects recurrent burst patterns by determining an interval for a given event train to calculate event density, construct an event density histogram and detect burst patterns, identity significant burst patterns, and determine recurrence of significant bursts. 10. The system of claim 9 , wherein the interval is a multiple of a cycle for the selected combinational hardware structure. 11. The system of claim 10 , wherein the interval is 100,000 CPU cycles. 12. The system of claim 9 , wherein the interval is an inverse of average event rate and an empirical constant based on a maximum and minimum achievable covert timing channel bandwidth rate for the selected combinational hardware structure. 13. The system of claim 9 , wherein the event density histogram includes an estimate a probability distribution of event density based on a number of events for each interval. 14. The system of claim 9 , wherein significant burst patterns are based on a likelihood ratio for a distribution in the event train. 15. The system of claim 9 , wherein if a significant burst pattern is detected, then further determining recurrent patterns of burst. 16. The system of claim 5 , said monitor hardware is further configured to receive events from the selected combinational hardware structure and construct the event train, whereby the event train comprises an occurrence of the received events for the selected combinational hardware structure.