Anthony, From: Anthony Liguori <anthony@xxxxxxxxxxxxx> Subject: Re: EuroSec'11 Presentation Date: Mon, 11 Apr 2011 10:27:27 -0500 > On 04/11/2011 03:51 AM, Stefan Hajnoczi wrote: > >> I'm happy to hear your comments. > >> The referee's comment was severe. It said there was not brand-new > >> point, but there are real attack experiences. My paper was just > >> evaluated the detction on apahce2 and sshd on Linux Guest OS and > >> Firefox and IE6 on Windows Guest OS. > > If I have a VM on the same physical host as someone else I may be able > > to determine which programs and specific versions they are currently > > running. > > > > Is there some creative attack using this technique that I'm missing? > > I don't see many serious threats. > > It's a deviation of a previously demonstrated attack where memory access > timing is used to guess memory content. This has been demonstrated in > the past to be a viable technique to reduce the keyspace of things like > ssh keys which makes attack a bit easier. > > But it's a well known issue with colocation and the attack can be > executed just by looking at raw memory access time (to guess whether > another process brought something into the cache). Thank you for comments. The memory disclosure attack can be prevented by several ways mention in my "Countermeasure" side (Page 22). If we limit KSM on READ-ONLY pages, we detect and prevent the attack. I also think most memory deduplication is on READ-ONLY pages. ------ Kuniysu Suzaki -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
