This work exposes further vulnerabilities in virtualized
cloud servers by mounting Cross-VM cache attacks in
Xen and VMware VMs targeting AES running in the
victim VM. Even though there exists a rich literature on
cache attacks on AES, so far only a single work, demonstrating
a working attack on an ARM platform running
a L4Re virtualization layer has been published. Here
we show that AES in a number popular cryptographic
libraries including OpenSSL, PolarSSL and Libgcrypt
are vulnerable to Bernstein’s correlation attack when run
in Xen and VMware (bare metal version) VMs, the most
popular VMs used by cloud service providers (CSP) such
as Amazon and Rackspace. We also show that the vulnerability
persists even if the VMs are placed on different
cores in the same machine. The results of this study
shows that there is a great security risk to AES and (data
encrypted under AES) on popular cloud services
more here............https://eprint.iacr.org/2014/248.pdf
Image may be NSFW.cloud servers by mounting Cross-VM cache attacks in
Xen and VMware VMs targeting AES running in the
victim VM. Even though there exists a rich literature on
cache attacks on AES, so far only a single work, demonstrating
a working attack on an ARM platform running
a L4Re virtualization layer has been published. Here
we show that AES in a number popular cryptographic
libraries including OpenSSL, PolarSSL and Libgcrypt
are vulnerable to Bernstein’s correlation attack when run
in Xen and VMware (bare metal version) VMs, the most
popular VMs used by cloud service providers (CSP) such
as Amazon and Rackspace. We also show that the vulnerability
persists even if the VMs are placed on different
cores in the same machine. The results of this study
shows that there is a great security risk to AES and (data
encrypted under AES) on popular cloud services
more here............https://eprint.iacr.org/2014/248.pdf
Clik here to view.