Security experts have long speculated about whether virtualized environments, such as public clouds, exhibit dangerous side channels. A side channel is a form of information leakage that arises as a byproduct of resource exposure, such as the sharing of memory caches. A side-channel attack exploits such leakage to steal secrets, such as cryptographic keys. A side-channel attack is analogous to use of a drinking glass to eavesdrop on a neighbor through the wall. One byproduct of sharing walls in apartment buildings is potential exposure of private conversations.
In computing environments, researchers have demonstrated a rich array side-channel attacks that completely compromise secret cryptographic keys. (Perhaps the most bizarre is Shamir and Tromer’s use of CPU acoustics to extract keys.) So it’s important to ask: Could side-channel attacks permit malicious tenants to steal secrets from others in the cloud?
Virtualized environments might appear at first glance to dampen or expunge side-channels through strong isolation, one of their design goals. VMs run in distinct operating system instances isolated by a hypervisor and may even migrate across CPU cores. Many systems, in fact, rely implicitly on the security properties enforced by VM isolation. In a public cloud, a motley array of tenants, benign and malicious, are secured against one another mainly through virtualization.
But it turns out that virtualization doesn’t equal effective isolation. This past week, at ACM CCS, a major security research conference, lead author Yinqian Zhang presented a joint paper (UNC, Univ. of Wisc., and RSA Labs) documenting the first significant cross-VM side-channel attack. This attack leverages the L1 instruction-cache as a side channel. We explored the attack in the lab on a Xen-based virtualization platform representative of public cloud infrastructures. In our experiments, an attacker VM targets a co-resident victim VM running Gnu Privacy Guard (GnuPG), a software package that incorporates the OpenPGP e-mail encryption standard. The attacker VM is able to steal the victim VM’s full private (ElGamal) key. In other words, the attack results in complete compromise of one form of encryption in GnuPG.
As demonstrated, the attack is fairly narrow: It targets one vulnerable application in a particular class of virtualized environment. (GnuPG relies on a cryptographic package called libgcrypt that lacks well-established side-channel countermeasures.) It’s also fairly involved, requiring heavyweight use of machine learning, among other things. For various reasons, technical and ethical, we did not execute the attack in a public cloud. That said, the general techniques we’ve demonstrated are certainly extensible to other virtualization environments, applications, and forms of sensitive information. There’s no reason to think that a public cloud or any other virtualized environment is immune.
The takeaway is this: VMs running highly sensitive workloads should not be placed on the same hosts as potentially untrustworthy VMs.
Citation: Cross-VM Side Channels and Their Use to Extract Private Keys. Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. ACM Conference on Computer and Communications Security (CCS), pp. 305-316. 2012.