[RndTbl] Virtual machine used to steal crypto keys from other VM on same server | Ars Technica

Trevor Cordes trevor at tecnopolis.ca
Wed Nov 7 15:26:04 CST 2012


On 2012-11-06 Adam Thompson wrote:
> http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-machine/
> 
> Some of our members have been convinced this was imminent for, oh,
> about a decade now.  It's finally happened, but as is pointed out,

If information, no matter how unreliable or difficult to recover, is
leaked between VMs (via caches or otherwise), then all bets are off.
Darek Mihocka (of emulators.com, Gemulator and Atari fame ages back)
has been saying this for years.  CISC CPUs are so complex now that
there are huge swaths of undefined/unknown behaviors that could easily
lead to virtualization instances not being so isolated after all.

> relies on side-chanel attacks on shared hardware. This STILL doesn't

I'm not so sure I'd really call this a "side-channel" attack.  That
somehow seeks to minimize the actual severity of the problem.  As does
the article's myopic focus on PKI keygen: "[move your PKI to separate
servers and you're ok]", as if to imply that non-keygen activities are
ok to be snooped upon?

BTW, Mihocka's blogs (on said site) make great reads.


More information about the Roundtable mailing list