Cross-VM side channels and their use to extract private keys

Yinqian Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
This paper details the construction of an access-driven sidechannel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the workloads of
more » ... utually distrustful customers. Constructing such a side-channel requires overcoming challenges including core migration, numerous sources of channel noise, and the difficulty of preempting the victim with sufficient frequency to extract fine-grained information from it. This paper addresses these challenges and demonstrates the attack in a lab setting by extracting an ElGamal decryption key from a victim using the most recent version of the libgcrypt cryptographic library.
doi:10.1145/2382196.2382230 dblp:conf/ccs/ZhangJRR12 fatcat:i724fii3mzazln5lk2kryhvpsq