On Mon, Apr 11, 2011 at 4:27 PM, Anthony Liguori <anthony@xxxxxxxxxxxxx> wrote: > On 04/11/2011 03:51 AM, Stefan Hajnoczi wrote: >>> >>> I'm happy to hear your comments. >>> The referee's comment was severe. It said there was not brand-new >>> point, but there are real attack experiences. My paper was just >>> evaluated the detction on apahce2 and sshd on Linux Guest OS and >>> Firefox and IE6 on Windows Guest OS. >> >> If I have a VM on the same physical host as someone else I may be able >> to determine which programs and specific versions they are currently >> running. >> >> Is there some creative attack using this technique that I'm missing? >> I don't see many serious threats. > > It's a deviation of a previously demonstrated attack where memory access > timing is used to guess memory content. This has been demonstrated in the > past to be a viable technique to reduce the keyspace of things like ssh keys > which makes attack a bit easier. How can you reduce the key space by determining whether the guest has arbitrary 4 KB data in physical memory? Stefan -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
