Abstract
Cloud’s unrivaled cost effectiveness and on the fly operation versatility is attractive to enterprise and personal users. However, the cloud inherits a dangerous behavior from virtualization systems that poses a serious security risk: resource sharing. This work exploits a shared resource optimization technique called memory deduplication to mount a powerful known-ciphertext only cache side-channel attack on a popular OpenSSL implementation of AES. In contrast to the other cross-VM cache attacks, our attack does not require synchronization with the target server and is fully asynchronous, working in a more realistic scenario with much weaker assumption. Also, our attack succeeds in just 15 seconds working across cores in the cross-VM setting. Our results show that there is strong information leakage through cache in virtualized systems and the memory deduplication should be approached with caution.
Original language | English |
---|---|
Title of host publication | Constructive Side-Channel Analysis and Secure Design |
Editors | Stefan Mangard, Axel Y. Poschmann |
Number of pages | 16 |
Volume | 9064 |
Publisher | Springer Berlin Heidelberg |
Publication date | 17.07.2015 |
Pages | 111-126 |
ISBN (Print) | 978-3-319-21475-7 |
ISBN (Electronic) | 978-3-319-21476-4 |
DOIs | |
Publication status | Published - 17.07.2015 |
Event | 6th nternational Workshop on Constructive Side-Channel Analysis and Secure Design - Berlin, Germany Duration: 13.04.2015 → 14.04.2015 |