Virtual machine used to steal crypto keys from other VM on same server | Ars Technica
http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-mach... Some of our members have been convinced this was imminent for, oh, about a decade now. It's finally happened, but as is pointed out, relies on side-chanel attacks on shared hardware. This STILL doesn't mean virtualization itself is inherently insecure... but it does mean public clouds just got a little harder to trust for high-security operations. -Adam
enter Fully Homomorphic Encryption - computational security at the cost of performance. http://en.wikipedia.org/wiki/Homomorphic_encryption https://hcrypt.com/ On Tue, Nov 6, 2012 at 8:07 PM, Adam Thompson <athompso@athompso.net> wrote:
http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-mach...
Some of our members have been convinced this was imminent for, oh, about a decade now. It's finally happened, but as is pointed out, relies on side-chanel attacks on shared hardware. This STILL doesn't mean virtualization itself is inherently insecure... but it does mean public clouds just got a little harder to trust for high-security operations. -Adam
_______________________________________________ Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
On 2012-11-06 Adam Thompson wrote:
http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-mach...
Some of our members have been convinced this was imminent for, oh, about a decade now. It's finally happened, but as is pointed out,
If information, no matter how unreliable or difficult to recover, is leaked between VMs (via caches or otherwise), then all bets are off. Darek Mihocka (of emulators.com, Gemulator and Atari fame ages back) has been saying this for years. CISC CPUs are so complex now that there are huge swaths of undefined/unknown behaviors that could easily lead to virtualization instances not being so isolated after all.
relies on side-chanel attacks on shared hardware. This STILL doesn't
I'm not so sure I'd really call this a "side-channel" attack. That somehow seeks to minimize the actual severity of the problem. As does the article's myopic focus on PKI keygen: "[move your PKI to separate servers and you're ok]", as if to imply that non-keygen activities are ok to be snooped upon? BTW, Mihocka's blogs (on said site) make great reads.
participants (3)
-
Adam Thompson -
Robert Keizer -
Trevor Cordes