Title :
Fine Grain Cross-VM Attacks on Xen and VMware
Author :
Irazoqui, Gorka ; Inci, Mehmet Sinan ; Eisenbarth, Thomas ; Sunar, Berk
Abstract :
This work exposes vulnerabilities in virtualized cloud servers by mounting Cross-VM cache attacks in Xen and VMware VMs. We show for the first time that AES implementations in a number of popular cryptographic libraries including Open SSL, Polar SSL and Libgcrypt have non-constant execution times and are vulnerable to Bernstein's correlation attack when run in Xen and VMware (bare metal version) VMs. We show that the vulnerability persists even if the VMs are running on different cores in the same machine. Experiments on Amazon EC2 and Google Compute Engine highlight the practical implications of the found vulnerability. The results of this study show that there remains a security risk to AES implementations of popular libraries and data encrypted under AES on popular cloud services.
Keywords :
cache storage; cloud computing; cryptography; risk management; virtual machines; virtualisation; AES implementations; Amazon EC2; Bernstein correlation attack; Google Compute Engine; Libgcrypt; Open SSL; Polar SSL; VMware VM; Xen VM; cloud services; cryptographic libraries; fine grain cross-VM cache attacks; nonconstant execution times; security risk; virtual machines; virtualized cloud servers; vulnerabilities; Abstracts; Big data; Cloud computing; Conferences; Government; Prefetching; Servers; AES key recovery attack; Cross-VM attacks; Cryptographic Libraries; cache timing attacks; virtualization;
Conference_Title :
Big Data and Cloud Computing (BdCloud), 2014 IEEE Fourth International Conference on
Conference_Location :
Sydney, NSW
DOI :
10.1109/BDCloud.2014.102