Quantcast
Viewing all articles
Browse latest Browse all 8064

Paper: Fine grain Cross-VM Attacks on Xen and VMware are possible!

This work exposes further vulnerabilities in virtualized
cloud servers by mounting Cross-VM cache attacks in
Xen and VMware VMs targeting AES running in the
victim VM. Even though there exists a rich literature on
cache attacks on AES, so far only a single work, demonstrating
a working attack on an ARM platform running
a L4Re virtualization layer has been published. Here
we show that AES in a number popular cryptographic
libraries including OpenSSL, PolarSSL and Libgcrypt
are vulnerable to Bernstein’s correlation attack when run
in Xen and VMware (bare metal version) VMs, the most
popular VMs used by cloud service providers (CSP) such
as Amazon and Rackspace. We also show that the vulnerability
 persists even if the VMs are placed on different
cores in the same machine. The results of this study
shows that there is a great security risk to AES and (data
encrypted under AES) on popular cloud services


more here............https://eprint.iacr.org/2014/248.pdf
Image may be NSFW.
Clik here to view.

Viewing all articles
Browse latest Browse all 8064

Trending Articles