On 04/11/2011 10:46 AM, Kuniyasu Suzaki wrote:
But it's a well known issue with colocation and the attack can be
executed just by looking at raw memory access time (to guess whether
another process brought something into the cache).
Thank you for comments.
The memory disclosure attack can be prevented by several ways mention in my "Countermeasure" side (Page 22).
Not to be discouraging, but this class of attacks (side channel
information disclosures) is very well known and very well documented.
Side channel attacks are extremely difficult to use from a practical
perspective. First, you have to know that your target is colocated with
you and that you are actually sharing a resource. Second, you have to
be able to exploit the additional information you've gathered.
This type of attack is just as application to any multi-user environment
and is not at all unique to virtualization.
If we limit KSM on READ-ONLY pages, we detect and prevent the attack.
I also think most memory deduplication is on READ-ONLY pages.
There's really no point about worrying about these sort of things.
Either you're not going to colocate, you'll colocate and do the best you
can with what the hardware provides (socket isolation, no KSM, etc.), or
you're no going to worry about these types of things.
Again, it is extremely difficult to use side channel information
disclosures to actually exploit anything. If you are worried about this
level of security, you shouldn't be using x86 hardware as more advanced
hardware has more rigorous support for protecting against these sort of
things.
Regards,
Anthony Liguori
------
Kuniysu Suzaki
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html