Been meaning to send this out for ages. About a month ago RSA figured out how to extract GPG private keys from a virtual machine given access to another VM on the same server.
This, generally speaking, sucks. Virtual machines were one of the few hopefully-halfway secure ways to use the whole “cloud” thing. Now even that little bit of trust can safely stamp its passport ‘evaporated.’
The attack is theoretically possible anywhere the attacker can get a VM on the same machine as the target, as it relies on monitoring the processor cache while alternating execution with the target. This means that while the researchers aimed it at one very narrow case (GPG on Xen), nobody can call themselves safe.
“Security experts have long speculated about whether virtualized environments, such as public clouds, exhibit dangerous side channels. A side channel is a form of information leakage that arises as a byproduct of resource exposure, such as the sharing of memory caches. A side-channel attack exploits such leakage to steal secrets, such as cryptographic keys. A side-channel attack is analogous to use of a drinking glass to eavesdrop on a neighbor through the wall. One byproduct of sharing walls in apartment buildings is potential exposure of private conversations.[…]
Virtualized environments might appear at first glance to dampen or expunge side-channels through strong isolation, one of their design goals. VMs run in distinct operating system instances isolated by a hypervisor and may even migrate across CPU cores. Many systems, in fact, rely implicitly on the security properties enforced by VM isolation. In a public cloud, a motley array of tenants, benign and malicious, are secured against one another mainly through virtualization.
But it turns out that virtualization doesn’t equal effective isolation. This past week, at ACM CCS, a major security research conference, lead author Yinqian Zhang presented a joint paper (UNC, Univ. of Wisc., and RSA Labs) documenting the first significant cross-VM side-channel attack. This attack leverages the L1 instruction-cache as a side channel. We explored the attack in the lab on a Xen-based virtualization platform representative of public cloud infrastructures. In our experiments, an attacker VM targets a co-resident victim VM running Gnu Privacy Guard (GnuPG), a software package that incorporates the OpenPGP e-mail encryption standard. The attacker VM is able to steal the victim VM’s full private (ElGamal) key. In other words, the attack results in complete compromise of one form of encryption in GnuPG.
As demonstrated, the attack is fairly narrow: It targets one vulnerable application in a particular class of virtualized environment. (GnuPG relies on a cryptographic package called libgcrypt that lacks well-established side-channel countermeasures.) It’s also fairly involved, requiring heavyweight use of machine learning, among other things. For various reasons, technical and ethical, we did not execute the attack in a public cloud. That said, the general techniques we’ve demonstrated are certainly extensible to other virtualization environments, applications, and forms of sensitive information. There’s no reason to think that a public cloud or any other virtualized environment is immune.
The takeaway is this: VMs running highly sensitive workloads should not be placed on the same hosts as potentially untrustworthy VMs.”