Professional Documents
Culture Documents
Fine Grain Cross-Vm Attacks On Xen and Vmware Are Possible!
Fine Grain Cross-Vm Attacks On Xen and Vmware Are Possible!
Gorka Irazoqui Apecechea, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar
Worcester Polytechnic Institute
{girazoki,msinci,teisenbarth,sunar}@wpi.edu
Abstract
This work exposes further vulnerabilities in virtualized
cloud servers by mounting Cross-VM cache attacks in
Xen and VMware VMs targeting AES running in the
victim VM. Even though there exists a rich literature on
cache attacks on AES, so far only a single work, demon-
strating a working attack on an ARM platform running
a L4Re virtualization layer has been published. Here
we show that AES in a number popular cryptographic
libraries including OpenSSL, PolarSSL and Libgcrypt
are vulnerable to Bernsteins correlation attack when run
in Xen and VMware (bare metal version) VMs, the most
popular VMs used by cloud service providers (CSP) such
as Amazon and Rackspace. We also show that the vul-
nerability persists even if the VMs are placed on differ-
ent cores in the same machine. The results of this study
shows that there is a great security risk to AES and (data
encrypted under AES) on popular cloud services.
1 Motivation
In as little as a decade cloud computing and cloud en-
abled applications have become mainstream running IT
services of many businesses and have even personal com-
puting through popular applications such as cloud based
storage, e.g. Dropbox, and media sharing and deliv-
ery systems, e.g. Netix. The biggest concern prevent-
ing companies and individuals from further adopting the
cloud is data security and personal privacy. Systems run-
ning on the cloud use libraries designed for a single-user
server-world, where adversaries can only interact over
well-dened network interfaces. In contrast, in the cloud,
malicious code may be running on the same machine
as the crypto stack, separated only by a virtual machine
manager (VMM). Indeed, the main security principle in
the design and implementation of VMMs has been that