Schneier on Security's Journal
[Most Recent Entries]
[Calendar View]
Friday, November 16th, 2012
| Time |
Event |
| 6:13a |
Stealing VM Keys from the Hardware Cache Research into one VM stealing crypto keys from another VM running on the same hardware.
ABSTRACT: This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the workloads of mutually distrustful customers. Constructing such a side-channel requires overcoming challenges including core migration, numerous sources of channel noise, and the difficulty of preempting the victim with sufficient frequency to extract fine-grained information from it. This paper addresses these challenges and demonstrates the attack in a lab setting by extracting an ElGamal decryption key from a victim using the most recent version of the libgcrypt cryptographic library.
Two articles. | | 12:11p |
Jamming 4G Cell Networks It's easy. | | 4:30p |
Friday Squid Blogging: Vampire Squid Vampire squid eats marine wastes (paper and video).
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. |
|