Hi,
Maybe I should be posting to the kvm mailing list, but I think people
here should know a thing or two about it.
I just read the following research paper and although the attack was
done on VMWare; from what I read about it, it could be possible with KSM
on KVM also. If you really need tight security it looks like it would be
better to disable KSM.
But don't take my word for it as IANAC (I Am Not A Cryptographer).
http://soylentnews.org/article.pl?sid=14/06/12/1349234&from=rss

Practical Cross-VM AES Full Key Recovery Attack
<http://soylentnews.org/article.pl?sid=14/06/12/1349234>
posted by janrinok <http://soylentnews.org/%7Ejanrinok/> on Thursday June 12, @02:53PM

dbot <http://soylentnews.org/%7Edbot/> writes:
Researchers from Worcester Polytechnic Institute (Worcester, MA),
have published a paper illustrating a practical full Advanced
Encryption Standard key recovery from AES operations performed in
one virtual machine, by another VM
<http://eprint.iacr.org/2014/435.pdf> [*PDF*] running on the same
hardware at the same time.
The attack specifically requires memory de-duplication to be
enabled, and they target VMWare's VM software. Combining various
attacks on memory de-duplication, and existing side channel attacks:
In summary, this work:
* shows for the first time that de-duplication enables
fine-grained cross-VM attacks;
* introduces a new Flush+Reload based attack that does not
require interrupting the victim after each encryption round;
* presents the first practical cross-VM attack on AES; the
attack is generic and can be adapted to any table-based
block cipher.
They target OpenSSL 1.0.1.
It will be interesting to see if the suggested countermeasure,
flushing the T table cache after each operation (effective against
other Flush+Reload attacks), is added to LibreSSL. Will it be left
out, in the name of performance - or will they move to a different
implementation of AES (not T table-based)?
Kind regards,
Jorick Astrego
Netbulae
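As an added illustration of the "disable KSM" advice above (example code, not part of the original mail), a small POSIX shell audit of KSM's sysfs controls on a KVM host. KSM_ROOT is an assumed variable so the functions can be pointed at a constructed directory when testing; on a real host it is /sys/kernel/mm/ksm.

```shell
#!/bin/sh
# Added example, not from the original mail. KSM_ROOT is an assumption so the
# functions can be exercised against a constructed directory; the real
# interface lives at /sys/kernel/mm/ksm.
KSM_ROOT="${KSM_ROOT:-/sys/kernel/mm/ksm}"

# Report whether the KSM scanner is running and how many pages are currently
# merged between guests. Returns 0 only when de-duplication is fully off:
# scanner stopped AND no pages still shared with another mapping.
ksm_status() {
    run=$(cat "$KSM_ROOT/run" 2>/dev/null || echo unknown)
    shared=$(cat "$KSM_ROOT/pages_shared" 2>/dev/null || echo 0)
    sharing=$(cat "$KSM_ROOT/pages_sharing" 2>/dev/null || echo 0)
    case "$run" in
        1)   state=active ;;
        0|2) state=stopped ;;
        *)   state=unknown ;;
    esac
    echo "ksm=$state run=$run pages_shared=$shared pages_sharing=$sharing"
    [ "$state" = stopped ] && [ "$sharing" -eq 0 ]
}

# Writing 0 to "run" only stops the scanner: pages already merged stay shared,
# so a co-resident guest keeps seeing the de-duplicated copies. Writing 2
# stops the scanner AND unmerges every merged page, which is what "disable
# KSM" has to mean for this attack. Requires root on the host.
ksm_disable() {
    echo 2 > "$KSM_ROOT/run" || return 1
    [ "$(cat "$KSM_ROOT/run")" = 2 ]
}
```

Run `ksm_status` as a periodic host check; a nonzero result means guests may still share physical pages. Pair `ksm_disable` with a boot-time setting (for example via the distribution's ksm/ksmtuned service) so the scanner does not come back after a reboot.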