Cache side-channel attack for VMs

[peterw]

Abstract:

Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate
how to use the attack to extract private encryption keys from GnuPG.
The high resolution and low noise of the Flush+Reload attack enables a spy program to recover over 98% of the bits of the private key in a single decryption or signing round. Unlike previous attacks, the attack targets the last level L3 cache. Consequently, the spy program and the victim do not need to share the execution core of the CPU. The attack is not limited to a traditional OS and can be
used in a virtualised environment, where it can attack programs executing in a different VM.

By: Yuval Yarom and Katrina Falkner

Web: http://eprint.iacr.org/2013/448 Direct PDF: http://eprint.iacr.org/2013/448.pdf

This might be the start of new attacks aimed at virtual servers. Memory de-duplication of crypt libs can now cause a lot of security issues.

 

[jarland]

I'm no hacker but this kind of thing has always struck me as a potential risk in a shared environment, but one of low priority as most people are never a target until an automated brainless script is made for the skids. That said, it's certainly an interesting discussion to have, and who knows when one could wake up one morning and find it quite relevant.

 

[Slownode]

And people say I'm paranoid when I say I want hardware level memory lock ranges for programs/guests...

 

[kaniini]

This mostly affects setups which use container virtualization or memory dedup.  Xen, for example, is unlikely to be affected.