TechTalk Leaks and Side Channels
By: Piotr T. Zbiegiel
What are Leaks?
• In a virtual system a leak occurs anytime an attacker receives information to which they would not normally have access.
• There are two types of leaks:
  • Direct leaks, in which an attacker gets access to the underlying network, storage, or memory.
  • Indirect leaks, in which the attacker can glean information about other tenants or the underlying system. This is termed a side-channel attack.
Side Channels
• The term side channel is normally tied to a type of attack against cryptographic systems.
• Rather than attacking a cryptosystem head-on, the attacker attempts to learn details of the encrypted message or key by indirect means.
Example: Network Hustle
• The book describes an attack on a Xen hypervisor where the attacker steals the IP address of a co-tenant.
• This is accomplished by adding a new IP address to the virtual network interface of Evil VM that is the same as that of Target VM.
• The hypervisor accepts the networking change and begins passing traffic to Evil VM instead of the correct recipient.
• Evil VM now has access to all traffic headed to the target.
[Diagram: Target VM and Evil VM attached to the Hypervisor; addresses shown: 10.0.0.1, 10.0.0.2, 10.0.0.2]
Virtual MITM
• The preceding example attack can be mitigated by configuring some simple layer 2 filtering rules on the hypervisor.
• The fix is simple, and yet we can’t assume the protection is in place.
• Attacks like this are a great reminder of the risks inherent in sharing network paths with guest VMs.
• Make sure a cloud system has dedicated management and storage networks so it can avoid sending that traffic on paths shared with virtual machines.
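What such a layer 2 filter enforces, as an added example that is not from the talk or the book: each virtual interface is bound to one MAC and one IP address, and frames claiming anything else are dropped and reported. The vif names, the MAC addresses and the assignment of 10.0.0.1 and 10.0.0.2 to the two VMs are assumptions made for illustration.

```python
"""Model of a per-vif layer 2 anti-spoofing filter (added example)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    vif: str        # hypervisor-side interface the frame arrived on
    src_mac: str    # Ethernet source address
    ethertype: str  # "arp" or "ipv4"
    src_ip: str     # ARP sender IP or IPv4 source address

# Assumed bindings: the two addresses appear in the slide diagram; which VM
# owns which, the MACs and the vif names are constructed for this example.
BINDINGS = {
    "vif1.0": ("00:16:3e:00:00:01", "10.0.0.1"),  # Evil VM
    "vif2.0": ("00:16:3e:00:00:02", "10.0.0.2"),  # Target VM
}

def verdict(frame, bindings=BINDINGS):
    """Return (action, reason) for one frame sent by a guest."""
    if frame.vif not in bindings:
        return "drop", "unknown vif"
    mac, ip = bindings[frame.vif]
    if frame.src_mac.lower() != mac:
        return "drop", "source MAC not bound to this vif"
    if frame.ethertype in ("arp", "ipv4") and frame.src_ip != ip:
        return "drop", f"{frame.ethertype} claims {frame.src_ip}, vif is bound to {ip}"
    return "accept", "matches binding"

def audit(frames, bindings=BINDINGS):
    """List (offending vif, claimed IP, owning vif) for dropped frames
    that claim an address bound to another tenant's interface."""
    owners = {ip: vif for vif, (_, ip) in bindings.items()}
    alerts = []
    for f in frames:
        action, _ = verdict(f, bindings)
        victim = owners.get(f.src_ip)
        if action == "drop" and victim and victim != f.vif:
            alerts.append((f.vif, f.src_ip, victim))
    return alerts

# Constructed traffic: two legitimate frames, then Evil VM using the target's IP.
SAMPLE = [
    Frame("vif1.0", "00:16:3e:00:00:01", "arp", "10.0.0.1"),
    Frame("vif2.0", "00:16:3e:00:00:02", "ipv4", "10.0.0.2"),
    Frame("vif1.0", "00:16:3e:00:00:01", "arp", "10.0.0.2"),
    Frame("vif1.0", "00:16:3e:00:00:01", "ipv4", "10.0.0.2"),
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f.vif, f.ethertype, f.src_ip, *verdict(f))
    print(audit(SAMPLE))
```

Without the binding check every frame in the sample would be forwarded, which is the situation the Network Hustle slide describes.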
Variety of Virtualization Attacks
• A 2010 IBM paper showed a rise in vulnerabilities and exploits against virtualization platforms. They identified 6 types of vulnerabilities:
  1. Attacks against the management console.
  2. Attacks against the management service with rights on the hypervisors.
  3. Attacks against administrative VMs.
  4. Attacks against guest VMs.
  5. Attacks against the hypervisor.
  6. Hypervisor escape.
• So where are side-channel attacks?
Hey, You, Get Off of My Cloud
Detecting Co-tenancy
Forcing Co-Tenancy
Avoiding Co-Tenancy
Conclusion