Cloudy VMs leak ID details that could allow attacks, says researcher

Hot chips and other kit produce artefacts that let bad guys indentify and isolate VMs

Research published by a US masters student reaches the somewhat unsettling conclusion that current cloud technologies don't separate virtual machines (VMs) as well as they could.

By spying on shared resources at a low level, the research suggests, an attacker's VM can retrieve data written by another (like crypto keys), and watch what other machines are doing.

Conceptually, the idea is simple to render as a metaphor: since you know you haven't yet boiled the kettle this morning, if it's hot, your partner has already had coffee.

The problem, according to author Sophia D'Antoine (a masters researcher at Rensselaer Polytechnic Institute in New York), is simple: virtualised environments by definition share physical resources, and that opens a side-channel attack that can leak data.

Presented at June's REcon 2015 conference and outlined here, D'Antoine explains that “a single virtual machine can continuously measure artefacts from its virtual allocation of a single hardware component and not changes it did not cause”.

In other words, since VMs share the processor (the attack vector D'Antoine demonstrates), one VM can infer another's activity by watching the processor.

To demonstrate this, she has created software to act as “sender” and “receiver”, and a message encoding scheme, to create “an effective attack vector”.

The full low-level explanation of D'Antoine's analysis of the interaction between VMs, hypervisors and processors is here.

For the test environment, D'Antoine used a machine with Xeon processors, with eight logical CPUs on four cores, six VMs, simultaneous multi-threading (SMT) enabled, and the Xen hypervisor over the top.

The highlights, however, are highlights indeed. D'Antoine notes demonstrated attacks include:

  • Key theft – if two VMs are allocated the same L3 cache address at different times, “The attacker flushes a certain cache address, waits for the victim to use that address, then queries it again – recording the new values that are there”;
  • Process monitoring – she says that if an attacker applies machine learning to sufficient recording of what CPU or memory activity, “a mapping between the recording to a specific running process can be constructed with a varied degree of certainty”;
  • Environment keying – with enough environment recordings, one server can be uniquely identified from another in the same cloud, which is useful “to prove that two virtual machines you control are co-resident on the same physical server”.

As D'Antoine says in her REcon presentation slides (PDF), mitigations are available, but only at the cost of losing some cloud efficiency payoffs.

In particular, she says, VMs need to be properly isolated from each other, hyperthreading should be turned off, and sys admins should apply blacklisting to “resources for concurrent threads”. ®

Biting the hand that feeds IT © 1998–2018