Cross-VM side channels and their use to extract private keys

Zhang, Yinqian; Juels, Ari; Reiter, Michael K.; Ristenpart, Thomas

doi:10.1145/2382196.2382230

Cited by 593 publications

(352 citation statements)

References 26 publications

Supporting

Mentioning

351

Contrasting

Order By: Relevance

“…Kocher's suggestion that this class of attacks might be feasible has been more than borne out; see Acıiçmez and Koç's extensive survey [1], which describes attacks that take advantage of the data cache, the instruction cache, the branch prediction unit, and functional unit contention. Unlike simple timing attacks, microarchitectural timing attacks usually require an observer process to run on the same machine as the victim; virtualmachine co-tenancy in a cloud environment can suffice [53].…”

Section: Related Workmentioning

confidence: 99%

On Subnormal Floating Point and Abnormal Timing

Andrysco

Kohlbrenner

Mowery

et al. 2015

2015 IEEE Symposium on Security and Privacy

118

119

View full text Add to dashboard Cite

Abstract-We identify a timing channel in the floating point instructions of modern x86 processors: the running time of floating point addition and multiplication instructions can vary by two orders of magnitude depending on their operands. We develop a benchmark measuring the timing variability of floating point operations and report on its results. We use floating point data timing variability to demonstrate practical attacks on the security of the Firefox browser (versions 23 through 27) and the Fuzz differentially private database. Finally, we initiate the study of mitigations to floating point data timing channels with libfixedtimefixedpoint, a new fixed-point, constant-time math library.Modern floating point standards and implementations are sophisticated, complex, and subtle, a fact that has not been sufficiently recognized by the security community. More work is needed to assess the implications of the use of floating point instructions in security-relevant software.

show abstract

Section: Related Workmentioning

confidence: 99%

On Subnormal Floating Point and Abnormal Timing

Andrysco

Kohlbrenner

Mowery

et al. 2015

2015 IEEE Symposium on Security and Privacy

118

119

View full text Add to dashboard Cite

show abstract

“…DoS attacks can be performed by overloading physical resources of a cloud node or through the virtual network [38]. Cross-VM side channel attacks can be performed by examining the behavior of virtual or physical hardware modules, such as the L2 cache [53], and deducing information about the state of other VMs. Additionally, an infected VM might try to escape the hypervisor using different mechanisms such as privilege escalation or memory brute force attacks.…”

Section: Threat Modelmentioning

confidence: 99%

“…Such behavior usually indicates an in-guest agent attempting to detect the presence of out-of-guest monitors [8]. Furthermore, the rapid querying of the TSC has also been used during side-channel attacks [53].…”

Section: Intrusion Detection and Analysismentioning

confidence: 99%

CloudIDEA: A Malware Defense Architecture for Cloud Data Centers

Fischer

Kittel

Kolosnjaji

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Due to the proliferation of cloud computing, cloud-based systems are becoming an increasingly attractive target for malware. In an Infrastructure-as-a-Service (IaaS) cloud, malware located in a customer's virtual machine (VM) affects not only this customer, but may also attack the cloud infrastructure and other co-hosted customers directly. This paper presents CloudIDEA, an architecture that provides a security service for malware defense in cloud environments. It combines lightweight intrusion monitoring with on-demand isolation, evidence collection, and in-depth analysis of VMs on dedicated analysis hosts. A dynamic decision engine makes on-demand decisions on how to handle suspicious events considering cost-efficiency and quality-of-service constraints.

show abstract

“…Even proposed hardware solutions can be probed by making benign writes to potentially sensitive addresses and then observing disruptions to unrelated I/O timings. Given the long history of TOCTTOU and other concurrency-based attacks [29,92], combined with a likely timing channel induced by the search mechanism and recent successes exploiting VM-level side channels [94], the risk of an attacker successfully racing with a detector is concerning.…”

Section: B Dynamic Kernel Object Manipulationmentioning

confidence: 99%

SoK: Introspections on Trust and the Semantic Gap

Jain

Baig

Zhang

et al. 2014

2014 IEEE Symposium on Security and Privacy

View full text Add to dashboard Cite

Abstract-An essential goal of Virtual Machine Introspection (VMI) is assuring security policy enforcement and overall functionality in the presence of an untrustworthy OS. A fundamental obstacle to this goal is the difficulty in accurately extracting semantic meaning from the hypervisor's hardwarelevel view of a guest OS, called the semantic gap. Over the twelve years since the semantic gap was identified, immense progress has been made in developing powerful VMI tools.Unfortunately, much of this progress has been made at the cost of reintroducing trust into the guest OS, often in direct contradiction to the underlying threat model motivating the introspection. Although this choice is reasonable in some contexts and has facilitated progress, the ultimate goal of reducing the trusted computing base of software systems is best served by a fresh look at the VMI design space.This paper organizes previous work based on the essential design considerations when building a VMI system, and then explains how these design choices dictate the trust model and security properties of the overall system. The paper then observes portions of the VMI design space which have been under-explored, as well as potential adaptations of existing techniques to bridge the semantic gap without trusting the guest OS.Overall, this paper aims to create an essential checkpoint in the broader quest for meaningful trust in virtualized environments through VM introspection.

show abstract

Cross-VM side channels and their use to extract private keys

Cited by 593 publications

References 26 publications

On Subnormal Floating Point and Abnormal Timing

On Subnormal Floating Point and Abnormal Timing

CloudIDEA: A Malware Defense Architecture for Cloud Data Centers

SoK: Introspections on Trust and the Semantic Gap

Contact Info

Product

Resources

About