178 Hits in 4.3 sec

Wait a Minute! A fast, Cross-VM Attack on AES [chapter]

Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar
2014 Lecture Notes in Computer Science  
Therefore long term co-location, as required by other fine grain attacks in the literature, are not needed.  ...  Furthermore, the attack works in a realistic setting where different VMs are located on separate cores.  ...  [15] used Bernstein's attack to partially recover an AES key from a cross-VM attack running in XEN and VMware.  ... 
doi:10.1007/978-3-319-11379-1_15 fatcat:jm3idb5umffg3a4dolgpy6louy

S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES

Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar
2015 2015 IEEE Symposium on Security and Privacy  
In this work, we introduce a fine-grain cross-core cache attack that exploits access time variations on the last level cache.  ...  The attack recovers AES keys in the cross-VM setting on Xen 4.1 with deduplication disabled, being only slightly less efficient than the flush and reload attack.  ...  We would also like to thank Craig Shue for his help on understanding huge page allocation procedures.  ... 
doi:10.1109/sp.2015.42 dblp:conf/sp/ApececheaES15 fatcat:yvu2nrgolfbcnb6hdjzl2ksteu

Virtualization Technology: Cross-VM Cache Side Channel Attacks make it Vulnerable [article]

Alan Litchfield, Abid Shahzad
2016 arXiv   pre-print
One of the most sophisticated forms of attack is the cross-VM cache side channel attack that exploits shared cache memory between VMs.  ...  However, virtualization introduces serious threats to service delivery such as Denial of Service (DoS) attacks, Cross-VM Cache Side Channel attacks, Hypervisor Escape and Hyper-jacking.  ...  correlation attack as a base for the first time in a virtual environment, Irazoqui et al. (2014a) show that cross-VM side channel attacks on VMware, Xen and KVM are possible.  ... 
arXiv:1606.01356v1 fatcat:tvyk6qhd2fdbpnjbkth2s3ag7i

A survey of security issues in hardware virtualization

Gábor Pék, Levente Butty´an, Boldizsár Bencsáth
2013 ACM Computing Surveys  
We focus on potential vulnerabilities and existing attacks on various virtualization platforms, but we also briefly sketch some possible countermeasures.  ...  Moreover, the adversary model and the structuring of the attack vectors are original contributions, never published before.  ...  Pictograms and icons used for figures are created by Zsombor Kiss (  ... 
doi:10.1145/2480741.2480757 fatcat:fabkxb2gujhszmeqw6xu4tho7q

Cross-VM side channels and their use to extract private keys

Yinqian Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
This paper details the construction of an access-driven sidechannel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer  ...  This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen).  ...  Acknowledgments We are grateful to Victor Heorhiadi for his help with experiment setup and for his comments on drafts of this paper, and to Jan Prins for helpful discussions on sequencereconstruction algorithms  ... 
doi:10.1145/2382196.2382230 dblp:conf/ccs/ZhangJRR12 fatcat:i724fii3mzazln5lk2kryhvpsq

Quality of Service for I/O Workloads in Multicore Virtualized Servers [chapter]

J. Lakshmi, S. K. Nandy
2011 Grids, Clouds and Virtualization  
The consolidation focus is on enterprise workloads that are a mix of compute and I/O intensive workloads.  ...  Based on the observed lacunae, an end-to-end system virtualization architecture is proposed and evaluated. , © Springer-Verlag London Limited 2011 23 24 J. Lakshmi and S.K. Nandy cations.  ...  Acknowledgements Credits for this work are due to all those unknown reviewers who have meticulously pointed out deficiencies and improvements over several rounds of reviews and also to the summer interns  ... 
doi:10.1007/978-0-85729-049-6_2 fatcat:ppd2qpox5ndhblnawd6p53swcu

Stealthy malware detection and monitoring through VMM-based "out-of-the-box" semantic view reconstruction

Xuxian Jiang, Xinyuan Wang, Dongyan Xu
2010 ACM Transactions on Privacy and Security  
To address this limitation, recent solutions based on virtual machine (VM) technologies advocate placing the malware detection facilities outside of the protected VM ("out-ofthe-box").  ...  More specifically, the new technique casts semantic definitions of guest OS data structures and functions on virtual machine monitor (VMM)level VM states, so that the semantic view can be reconstructed  ...  ACKNOWLEDGMENTS The authors would like to thank the anonymous ACM Transactions on Information and System Security (TISSEC) reviewers whose comments have greatly helped to improve the presentation of this  ... 
doi:10.1145/1698750.1698752 fatcat:qoewcyolsvcdbdtcgklbifgzj4

Secure Service-Oriented Grid Computing with Public Virtual Worker Nodes

Matthias Schmidt, Niels Fallenbeck, Matthew Smith, Bernd Freisleben
2009 2009 35th Euromicro Conference on Software Engineering and Advanced Applications  
Many of the cross-site and cross-organizational advantages offered by Grid computing are lost.  ...  An approach is presented for the dynamic network isolation of Grid users from each other as well as a mechanism for shielding the Grid infrastructure from malicious users and attacks from the Internet.  ...  ACKNOWLEDGMENTS This work is partly supported by the German Ministry of Education and Research (BMBF) (D-Grid Initiative).  ... 
doi:10.1109/seaa.2009.73 dblp:conf/euromicro/SchmidtFSF09 fatcat:n2vqjg2curgynk3wxgptrdlpke

Secure Virtualization Environment Based on Advanced Memory Introspection

Shuhui Zhang, Xiangxu Meng, Lianhai Wang, Lijuan Xu, Xiaohui Han
2018 Security and Communication Networks  
are known at the hypervisor level.  ...  to attacks with high reliability.  ...  The proposed method may detect other escape attacks Vulnerability name Affected platforms CVE-2007-1744 VMWare CVE-2008-0923 VMWare CVE-2009-1244 VMware CVE-2012-0217 Xen CVE-2014-0983 VirtualBox  ... 
doi:10.1155/2018/9410278 fatcat:qyp2m6mrxba37fmhkqtrjzuyne

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Daniele Sgandurra, Emil Lupu
2016 ACM Computing Surveys  
Even if the benefits in terms of performance, maintenance, and cost are evident, virtualization has also been exploited by attackers to devise new ways to compromise a system.  ...  We also categorize threat models, security and trust assumptions, and attacks against a virtualized system at the different layers, in particular hardware, virtualization, OS, application.  ...  The sources of attacks can be further fine-grained if we consider entities such as the manufacturer of the hardware used by the provider, the developers of the software run by the provider, and, in general  ... 
doi:10.1145/2856126 fatcat:hyacg4sfzjhdpmp6es3ki7nqlu

Breaking up is hard to do

Patrick Colp, Mihir Nanavati, Jun Zhu, William Aiello, George Coker, Tim Deegan, Peter Loscocco, Andrew Warfield
2011 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles - SOSP '11  
These multi-tenant environments, on which numerous large and popular web-based applications run today, are founded on the belief that the virtualization platform is sufficiently secure to prevent breaches  ...  of isolation between different users who are co-located on the same host.  ...  at the University of British Columbia and at the University of Cambridge for their suggestions and feedback.  ... 
doi:10.1145/2043556.2043575 dblp:conf/sosp/ColpNZACDLW11 fatcat:fbjw2sbobvffzbsm6eky4eekoy

A survey of microarchitectural timing attacks and countermeasures on contemporary hardware

Qian Ge, Yuval Yarom, David Cock, Gernot Heiser
2016 Journal of Cryptographic Engineering  
We survey recent attacks that exploit microarchitectural features in shared hardware, especially as they are relevant for cloud computing.  ...  We finally discuss trends in the attacks, challenges to combating them, and future directions, especially with respect to hardware support.  ...  Acknowledgements We would like to thank Toby Murray for his comments and feedback.  ... 
doi:10.1007/s13389-016-0141-6 fatcat:7fvkr7h54rbl5mx6vrochsgtkm

SafeFox: A Safe Lightweight Virtual Browsing Environment

Jiang Wang, Yih Huang, A. Ghosh
2010 2010 43rd Hawaii International Conference on System Sciences  
1 The browser has become a popular attack vector for implanting code on computer operating systems.  ...  Equally critical, important sessions, such as online banking, must be protected from cross-site attacks from other concurrent sessions.  ...  This design provides a fine-grained isolation among different subsystems in a browser.  ... 
doi:10.1109/hicss.2010.324 dblp:conf/hicss/WangHG10 fatcat:l5vdvttqsnam7plokzlrxvbxke

Cloud computing survey on services, enhancements and challenges in the era of machine learning and data science

Wajid Hassan, Te-Shun Chou, Omar Tamer, John Pickard, Patrick Appiah-Kubi, Leslie Pagliari
2020 International Journal of Informatics and Communication Technology (IJ-ICT)  
Hence in this research paper, a detailed survey of cloud computing, concepts, architectural principles, key services, and implementation, design and deployment challenges of cloud computing are discussed  ...  <p>Cloud computing has sweeping impact on the human productivity. Today it's used for Computing, Storage, Predictions and Intelligent Decision Making, among others.  ...  Cloud can face various threats due to Virtual machines such as cross VM attacks, VM migration attacks, stepping stone attacks, VM escape and VM isolation attack.  ... 
doi:10.11591/ijict.v9i2.pp117-139 fatcat:lomksiacnnbodfmxkkdwucmjbq


Yinqian Zhang, Michael K. Reiter
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Experiments in the lab and on public clouds show that Düppel effectively obfuscates timing signals available to an attacker VM via these caches and incurs modest performance overheads (at most 7% and usually  ...  This paper presents the design, implementation and evaluation of a system called Düppel that enables a tenant virtual machine to defend itself from cache-based side-channel attacks in public clouds.  ...  This work was supported in part by NSF grants 0910483 and 1330599, the Science of Security Lablet at North Carolina State University, a gift from VMWare and Google PhD Fellowship to Yinqian Zhang.  ... 
doi:10.1145/2508859.2516741 dblp:conf/ccs/ZhangR13 fatcat:axty5jofjncqdljxz6cxgasa6m
« Previous Showing results 1 — 15 out of 178 results