[ovirt-users] KSM and cross-vm attack

Sven Kieske S.Kieske at mittwald.de
Fri Jun 13 07:38:00 UTC 2014


Hi,

it's kind of you to let those know
about these attacks who do not already know them, but
this should be well understood by every professional by now.

Shared resources are never secure if you
cannot control the access from third parties
to shared memory.

This does not just affect KSM (or similar
techniques from VMware, Xen and Microsoft)
but also L3 caches of modern CPUs.

If you are interested in these topics, here are some papers:

L3 side-channel attack to recover private
GPG keys from another VM:

http://eprint.iacr.org/2013/448.pdf

Correlation attack against OpenSSL,
PolarSSL and Libgcrypt on Xen and VMware:

https://eprint.iacr.org/2014/248.pdf

I don't know if IBM's PowerVM is vulnerable to such
attacks, as its LPAR architecture is certified
EAL 4+ (which might not tell anything about this attack
vector).

But you always need to keep in mind what attack
scenario you are talking about:

These attacks are about a malicious VM (this could be a
hacked/hijacked VM) which recovers parts of the shared memory
from a known other instance to attack.

If you have high security concerns you might want _not_
to share your physical server with third-party-controlled
VMs, or with VMs which might be the target of getting hacked
(or which run software which is known to be vulnerable).

I still consider this scenario not that relevant today, as
there are many more low-hanging fruits (sadly).

This means in short:

For the most part, it's easier to hack your machine directly
or social-engineer your way into it than it is to hack/get
access to a different VM on the same system and then hack another VM.

There are also still no automatic tools for this that I'm aware of
(if there are, I'd like to be pointed to them).

As soon as automatic attack tools cover this scenario I'm pretty
sure we'll see an increase in hacked VMs and sniffed private keys.


HTH

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
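
A host-side check related to the shared-memory concern discussed in the message above, as an added example that is not part of the original post or of oVirt: it classifies a Linux host's KSM state from the kernel's sysfs counters in /sys/kernel/mm/ksm. The function names and state labels are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: classify a host's KSM state from the kernel's sysfs counters.
# Function names and state labels are illustrative, not from any project.

# Print the number stored in a counter file, or 0 if missing or non-numeric.
ksm_read() {
    v=$(cat "$1" 2>/dev/null) || v=0
    case "$v" in
        ''|*[!0-9]*) v=0 ;;
    esac
    printf '%s\n' "$v"
}

# Print one of: unavailable | merging | stopped-still-shared | idle | off
# $1 is the KSM sysfs directory (defaults to the real kernel path).
ksm_state() {
    dir=${1:-/sys/kernel/mm/ksm}
    # No 'run' file: kernel built without KSM, or sysfs not readable.
    [ -r "$dir/run" ] || { echo unavailable; return 0; }
    run=$(ksm_read "$dir/run")
    sharing=$(ksm_read "$dir/pages_sharing")
    if [ "$sharing" -gt 0 ]; then
        # Writing 0 to 'run' stops ksmd but keeps pages already merged;
        # only writing 2 unmerges them, so run=0 alone is not "off".
        if [ "$run" -eq 1 ]; then
            echo merging
        else
            echo stopped-still-shared
        fi
    elif [ "$run" -eq 1 ]; then
        echo idle    # ksmd is running, but nothing is merged right now
    else
        echo off     # ksmd not running and no page is shared
    fi
}

# Report the state of the local host (or of the directory given as $1).
ksm_state "$@"
```

A result of `stopped-still-shared` means pages from different guests are still deduplicated even though the scanner is stopped; the kernel only splits them again when 2 is written to `run`.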

