Fine grain Cross-VM Attacks on Xen and VMware are possible!

Therefore long term co-location, as required by other fine grain attacks in the literature, are not needed. ... Furthermore, the attack works in a realistic setting where different VMs are located on separate cores. ... [15] used Bernstein's attack to partially recover an AES key from a cross-VM attack running in XEN and VMware. ...

doi:10.1007/978-3-319-11379-1_15 fatcat:jm3idb5umffg3a4dolgpy6louy

In this work, we introduce a fine-grain cross-core cache attack that exploits access time variations on the last level cache. ... The attack recovers AES keys in the cross-VM setting on Xen 4.1 with deduplication disabled, being only slightly less efficient than the flush and reload attack. ... We would also like to thank Craig Shue for his help on understanding huge page allocation procedures. ...

doi:10.1109/sp.2015.42 dblp:conf/sp/ApececheaES15 fatcat:yvu2nrgolfbcnb6hdjzl2ksteu

One of the most sophisticated forms of attack is the cross-VM cache side channel attack that exploits shared cache memory between VMs. ... However, virtualization introduces serious threats to service delivery such as Denial of Service (DoS) attacks, Cross-VM Cache Side Channel attacks, Hypervisor Escape and Hyper-jacking. ... correlation attack as a base for the first time in a virtual environment, Irazoqui et al. (2014a) show that cross-VM side channel attacks on VMware, Xen and KVM are possible. ...

arXiv:1606.01356v1 fatcat:tvyk6qhd2fdbpnjbkth2s3ag7i

Open Access

We focus on potential vulnerabilities and existing attacks on various virtualization platforms, but we also briefly sketch some possible countermeasures. ... Moreover, the adversary model and the structuring of the attack vectors are original contributions, never published before. ... Pictograms and icons used for figures are created by Zsombor Kiss (http://www.kisszsombor.com). ...

doi:10.1145/2480741.2480757 fatcat:fabkxb2gujhszmeqw6xu4tho7q

This paper details the construction of an access-driven sidechannel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer ... This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). ... Acknowledgments We are grateful to Victor Heorhiadi for his help with experiment setup and for his comments on drafts of this paper, and to Jan Prins for helpful discussions on sequencereconstruction algorithms ...

doi:10.1145/2382196.2382230 dblp:conf/ccs/ZhangJRR12 fatcat:i724fii3mzazln5lk2kryhvpsq

The consolidation focus is on enterprise workloads that are a mix of compute and I/O intensive workloads. ... Based on the observed lacunae, an end-to-end system virtualization architecture is proposed and evaluated. , © Springer-Verlag London Limited 2011 23 24 J. Lakshmi and S.K. Nandy cations. ... Acknowledgements Credits for this work are due to all those unknown reviewers who have meticulously pointed out deficiencies and improvements over several rounds of reviews and also to the summer interns ...

doi:10.1007/978-0-85729-049-6_2 fatcat:ppd2qpox5ndhblnawd6p53swcu

To address this limitation, recent solutions based on virtual machine (VM) technologies advocate placing the malware detection facilities outside of the protected VM ("out-ofthe-box"). ... More specifically, the new technique casts semantic definitions of guest OS data structures and functions on virtual machine monitor (VMM)level VM states, so that the semantic view can be reconstructed ... ACKNOWLEDGMENTS The authors would like to thank the anonymous ACM Transactions on Information and System Security (TISSEC) reviewers whose comments have greatly helped to improve the presentation of this ...

doi:10.1145/1698750.1698752 fatcat:qoewcyolsvcdbdtcgklbifgzj4

Many of the cross-site and cross-organizational advantages offered by Grid computing are lost. ... An approach is presented for the dynamic network isolation of Grid users from each other as well as a mechanism for shielding the Grid infrastructure from malicious users and attacks from the Internet. ... ACKNOWLEDGMENTS This work is partly supported by the German Ministry of Education and Research (BMBF) (D-Grid Initiative). ...

doi:10.1109/seaa.2009.73 dblp:conf/euromicro/SchmidtFSF09 fatcat:n2vqjg2curgynk3wxgptrdlpke

are known at the hypervisor level. ... to attacks with high reliability. ... The proposed method may detect other escape attacks Vulnerability name Affected platforms CVE-2007-1744 VMWare CVE-2008-0923 VMWare CVE-2009-1244 VMware CVE-2012-0217 Xen CVE-2014-0983 VirtualBox ...

doi:10.1155/2018/9410278 fatcat:qyp2m6mrxba37fmhkqtrjzuyne

DOAJ

Even if the benefits in terms of performance, maintenance, and cost are evident, virtualization has also been exploited by attackers to devise new ways to compromise a system. ... We also categorize threat models, security and trust assumptions, and attacks against a virtualized system at the different layers, in particular hardware, virtualization, OS, application. ... The sources of attacks can be further fine-grained if we consider entities such as the manufacturer of the hardware used by the provider, the developers of the software run by the provider, and, in general ...

doi:10.1145/2856126 fatcat:hyacg4sfzjhdpmp6es3ki7nqlu

These multi-tenant environments, on which numerous large and popular web-based applications run today, are founded on the belief that the virtualization platform is sufficiently secure to prevent breaches ... of isolation between different users who are co-located on the same host. ... at the University of British Columbia and at the University of Cambridge for their suggestions and feedback. ...

doi:10.1145/2043556.2043575 dblp:conf/sosp/ColpNZACDLW11 fatcat:fbjw2sbobvffzbsm6eky4eekoy

We survey recent attacks that exploit microarchitectural features in shared hardware, especially as they are relevant for cloud computing. ... We finally discuss trends in the attacks, challenges to combating them, and future directions, especially with respect to hardware support. ... Acknowledgements We would like to thank Toby Murray for his comments and feedback. ...

doi:10.1007/s13389-016-0141-6 fatcat:7fvkr7h54rbl5mx6vrochsgtkm

1 The browser has become a popular attack vector for implanting code on computer operating systems. ... Equally critical, important sessions, such as online banking, must be protected from cross-site attacks from other concurrent sessions. ... This design provides a fine-grained isolation among different subsystems in a browser. ...

doi:10.1109/hicss.2010.324 dblp:conf/hicss/WangHG10 fatcat:l5vdvttqsnam7plokzlrxvbxke

Hence in this research paper, a detailed survey of cloud computing, concepts, architectural principles, key services, and implementation, design and deployment challenges of cloud computing are discussed ... <p>Cloud computing has sweeping impact on the human productivity. Today it's used for Computing, Storage, Predictions and Intelligent Decision Making, among others. ... Cloud can face various threats due to Virtual machines such as cross VM attacks, VM migration attacks, stepping stone attacks, VM escape and VM isolation attack. ...

doi:10.11591/ijict.v9i2.pp117-139 fatcat:lomksiacnnbodfmxkkdwucmjbq

Open Access

Experiments in the lab and on public clouds show that Düppel effectively obfuscates timing signals available to an attacker VM via these caches and incurs modest performance overheads (at most 7% and usually ... This paper presents the design, implementation and evaluation of a system called Düppel that enables a tenant virtual machine to defend itself from cache-based side-channel attacks in public clouds. ... This work was supported in part by NSF grants 0910483 and 1330599, the Science of Security Lablet at North Carolina State University, a gift from VMWare and Google PhD Fellowship to Yinqian Zhang. ...

doi:10.1145/2508859.2516741 dblp:conf/ccs/ZhangR13 fatcat:axty5jofjncqdljxz6cxgasa6m

Wait a Minute! A fast, Cross-VM Attack on AES [chapter]

Preserved Fulltext

S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES

Preserved Fulltext

Virtualization Technology: Cross-VM Cache Side Channel Attacks make it Vulnerable [article]

Preserved Fulltext

A survey of security issues in hardware virtualization

Preserved Fulltext

Cross-VM side channels and their use to extract private keys

Preserved Fulltext

Quality of Service for I/O Workloads in Multicore Virtualized Servers [chapter]

Preserved Fulltext

Stealthy malware detection and monitoring through VMM-based "out-of-the-box" semantic view reconstruction

Preserved Fulltext

Secure Service-Oriented Grid Computing with Public Virtual Worker Nodes

Preserved Fulltext

Secure Virtualization Environment Based on Advanced Memory Introspection

Preserved Fulltext

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Preserved Fulltext

Breaking up is hard to do

Preserved Fulltext

A survey of microarchitectural timing attacks and countermeasures on contemporary hardware

Preserved Fulltext

SafeFox: A Safe Lightweight Virtual Browsing Environment

Preserved Fulltext

Cloud computing survey on services, enhancements and challenges in the era of machine learning and data science

Preserved Fulltext

Düppel

Preserved Fulltext