Nov. 26th, 2012

izard
I have seen some fuss recently about one side channel attack on a hypervisor. I have even seen a customer who was concerned about it!

My personal opinion is that this type of attack is not practical in a real-world environment. Side channel attacks involving cache timings have been described many times, and they were always conducted in a sterile setup: the full hardware and software configuration was known to the attackers, and there were no disturbances, just the attacker and the victim running. It also helped that the full source of the victim was available to the attacker, as well as the full build script.

I do cache timing measurements often, and I always have to figure out how to factor out the noise. It gets in even in a sterile environment.

The authors of most such papers, like the one I mentioned, rightfully admit that their setup is very restrictive, but they envision some bad guys coming along and repeating their work in a real-world environment. They admit it is very complex and not really feasible, but "this is a fairly elaborate attack and we would expect it to be mounted only by a sophisticated attack organization such as a nation-state". I don't buy this!

And btw, executing WBINVD at random times leaves no room for this type of attack :) (except maybe for L1I cache timings)

Powered by Dreamwidth Studios