[ovirt-users] KSM and cross-vm attack
Jorick Astrego
j.astrego at netbulae.eu
Thu Jun 12 21:59:52 UTC 2014
Hi,
Maybe I should be posting to the kvm mailing list, but I think people
here should know a thing or two about it.
I just read the following research paper and although the attack was
done on VMWare; from what I read about it, it could be possible with KSM
on KVM also. If you really need tight security it looks like it would be
better to disable KSM.
But don't take my word for it as IANAC (I Am Not A Cryptographer).
http://soylentnews.org/article.pl?sid=14/06/12/1349234&from=rss
Practical Cross-VM AES Full Key Recovery Attack
<http://soylentnews.org/article.pl?sid=14/06/12/1349234>
posted by janrinok <http://soylentnews.org/%7Ejanrinok/> on Thursday
June 12, @02:53PM
dbot <http://soylentnews.org/%7Edbot/> writes:
Researchers from Worcester Polytechnic Institute (Worcester, MA),
have published a paper illustrating a practical full Advanced
Encryption Standard key recovery from AES operations performed in
one virtual machine, by another VM
<http://eprint.iacr.org/2014/435.pdf> [*PDF*] running on the same
hardware at the same time.
The attack specifically requires memory de-duplication to be
enabled, and they target VMWare's VM software. Combining various
attacks on memory de-duplication, and existing side channel attacks:
In summary, this work:
* shows for the first time that de-duplication enables fine
grain cross-VM attacks;
* introduces a new Flush+Reload based attack that does not
require interrupting the victim after each encryption round;
* presents the first practical cross-VM attack on AES; the
attack is generic and can be adapted to any table-based
block ciphers.
They target OpenSSL 1.0.1.
It will be interesting to see if the suggested countermeasure,
flushing the T table cache after each operation (effective against
other Flush+Reload attacks), is added to LibreSSL. Will it be left
out, in the name of performance - or will they move to a different
implementation of AES (not T table-based)?
Kind regards,
Jorick Astrego
Netbulae
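
One way to check a KVM host against the advice in the message above, as an added example that is not part of the original post: it reads the kernel's KSM sysfs interface (`/sys/kernel/mm/ksm`) and can stop merging and unmerge existing pages. The function names and the `KSM_DIR` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and optionally stop KSM through the kernel's sysfs files.
# KSM_DIR can be overridden so the logic can run against a constructed directory.
KSM_DIR="${KSM_DIR:-/sys/kernel/mm/ksm}"

# Print "absent", "stopped", "running" or "unmerged" based on the run flag.
ksm_state() {
    dir="${1:-$KSM_DIR}"
    [ -r "$dir/run" ] || { echo absent; return 0; }
    case "$(cat "$dir/run")" in
        0) echo stopped ;;
        1) echo running ;;
        2) echo unmerged ;;
        *) echo unknown ;;
    esac
}

# Number of page mappings currently pointing at a merged (de-duplicated) page.
ksm_pages_sharing() {
    dir="${1:-$KSM_DIR}"
    if [ -r "$dir/pages_sharing" ]; then cat "$dir/pages_sharing"; else echo 0; fi
}

# Returns 0 when no guest memory is exposed to merging, 1 otherwise.
# run=0 only stops the scanner; pages merged earlier stay shared,
# so "stopped" with pages_sharing > 0 still counts as exposed.
ksm_is_safe() {
    dir="${1:-$KSM_DIR}"
    state=$(ksm_state "$dir")
    sharing=$(ksm_pages_sharing "$dir")
    case "$state" in
        absent|unmerged) return 0 ;;
        stopped) [ "$sharing" -eq 0 ] ;;
        *) return 1 ;;
    esac
}

# Stop KSM and break up already merged pages (needs root on a real host).
ksm_disable() {
    dir="${1:-$KSM_DIR}"
    echo 2 > "$dir/run"
}

if [ "${1:-}" = "--report" ]; then
    echo "KSM state: $(ksm_state), pages_sharing: $(ksm_pages_sharing)"
    ksm_is_safe && echo "OK: no merged pages" || echo "WARN: page merging active"
fi
```

On hosts where a tuning service such as ksmtuned manages KSM, that service has to be stopped as well, or it will set `run` back to 1.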