On 04/11/2011 03:51 AM, Stefan Hajnoczi wrote:
I'm happy to hear your comments.
The referee's comment was severe. It said there was not brand-new
point, but there are real attack experiences. My paper was just
evaluated the detction on apahce2 and sshd on Linux Guest OS and
Firefox and IE6 on Windows Guest OS.
If I have a VM on the same physical host as someone else I may be able
to determine which programs and specific versions they are currently
running.
Is there some creative attack using this technique that I'm missing?
I don't see many serious threats.
It's a deviation of a previously demonstrated attack where memory access
timing is used to guess memory content. This has been demonstrated in
the past to be a viable technique to reduce the keyspace of things like
ssh keys which makes attack a bit easier.
But it's a well known issue with colocation and the attack can be
executed just by looking at raw memory access time (to guess whether
another process brought something into the cache).
Regards,
Anthony Liguori
Stefan
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
