Feeds

back to article Boffins foul VM sandboxes with CPU-sniffing hack

So much for your sandbox US researchers at RSA, the University of Wisconsin and the University of North Carolina have used a malicious virtual machine to extract a cryptographic key from another virtual machine running on the same hardware. The finding, published here (PDF), will not be welcomed by virtualisation companies or …

COMMENTS

This topic is closed for new posts.
Bronze badge
Boffin

Sounds a lot like this…

http://www.daemonology.net/hyperthreading-considered-harmful/

0
0
Bronze badge

Side Channel

Isn't this just a (very clever) update to the old fashioned CPU side channel attack ? My google foo is weak this morning, but I remember this being an issue many years ago when multi-core CPUs started becoming common.

0
1
Bronze badge

Re: Side Channel

It's a side channel attack, or rather a class of side channel attacks, yes. But every attack is in some sense an "update" on attacks that came before.

In any case, I'm not sure why it's interesting to call this an "update". Either it's an interesting approach, or it isn't. (It is.)

0
0
WTF?

Doesn't work with SMP??

"none were shown to work in symmetric multi-processing (SMP) settings."

Surely cloud providers don't host VMs on single processor boxes, so making this attack unlikely to work in th real world.

1
0
Stop

Re: Doesn't work with SMP??

Good spot. Author should have noticed this! This makes the assault next to useless.

0
0

Re: Doesn't work with SMP??

This statement is from the "Background" section of the paper stating that **past** attempts didn't work with SMP. The abstract reads "This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen)."

0
0
Bronze badge
Childcatcher

Re: Doesn't work with SMP??

Additionally, cloud services are not the only area in which VMs are used. There is some potential for their use on desktops and other personal devices as part of the OS security model:

http://www.theregister.co.uk/2012/09/05/qubes_secure_os_released/

0
0

Re: Doesn't work with SMP??

It's nice and easy with hyperthreading, because the attacker thread and victim thread are actually sharing a CPU core, but a lot of these side-channel attacks will work to varying extents as long as *something* is shared: the L2 or L3 cache on a multi-core chip, main memory bus within a single server - the hardcore crypto guys even retrieve keys using only the power supply, looking for the tiny power fluctuations as you manipulate a 1 or a 0. Not to mention the likes of TEMPEST, where just being close enough to pick up radio frequency leakage or the light from a computer monitor can be enough to reconstruct the data or screen display.

If you're handling nuclear launch codes or running an online banking service, you worry about this stuff and put your processor in your own bunker with its own generators and air conditioning ... if you're hosting TheReg, you don't even bother with SSL in the first place, let alone take hardcore precautions to safeguard the ultra-precious SSL key!

Something to bear in mind if your keys are very, very valuable (i.e. will have people with serious resources coming after the key): the likes of Windows Update's software signing key, for example - or root/TLD DNSSEC keys. Of course, that's one reason why most of these signing systems are designed for *offline* signing: you can keep the actual keys on a piece of hardware locked in a safe, and it's pretty tricky to hack into a switched-off laptop in a safe somewhere...

0
0
This topic is closed for new posts.