have no incentive
to undermine their
of a single,
the security of
an entire system.
lines are evicted; the attacker deduces
the execution pattern code based on
the evicted cache lines and is able to
extract the victim’s cryptographic key.
Moreover, combining such attacks with
techniques to exploit cloud placement
algorithms26 could allow attackers to
identify victims precisely, arrange to
forcibly co-locate virtual machines, and
extract sensitive data from them.
Modern hypervisors are helpless to
prevent them, as they have no way to
partition or isolate the caches, which
are often shared between cores on the
same processor on modern architectures. While researchers have proposed techniques to mitigate timing
attacks (such as randomly delaying
requests, adjusting the virtual machine’s perception of time and adding enough noise to the computation
to prevent information leakage), no
low-overhead practically deployable
solutions are available. Such mitigation techniques remain an active area
What to Do?
The resurgence of hypervisors is a
relatively recent phenomenon, with
significant security advances in only a
few years. However, they are extremely
complex pieces of software, and writing a completely bug-free hypervisor
is daunting, if not impossible; vulnerabilities will therefore continue to exist
and be exploited.
Assuming any given system will
eventually be exploited, what can we
do? Recovering from an exploit is so
fraught with risk (overlooking even a
single backdoor can lead to re-com-promise) it usually entails restoring
the system from a known good backup.
Any changes since this last backup are
lost. However, before recovery can begin, the exploit must first be detected.
Any delay toward such detection represents a window of opportunity for an
attacker to monitor or manipulate the
Comprehensive logging and auditing techniques are required in several
application domains, especially for
complying with many of the standards
cloud providers aim to guarantee.
Broadly speaking, such audit trails
have helped uncover corporate impropriety, financial fraud, and even piece
together causes of tragic accidents.
conditions in the code to validate any
control-flow transfer instructions.
Software-based CFI implementations typically rely on more privileged
components to ensure the enforcement mechanism itself is not disabled
or tampered with; for example, the
kernel can prevent user-space applications from accessing and bypassing the
inserted guard conditions. However,
shepherding the execution of hypervisors through CFI is more of a challenge;
as the hypervisor is the most privileged
software component, there is nothing to prevent it from modifying the
enforcement engine. A possible work-around34 is to mark all memory as read-only, even to the hypervisor, and fault
on any attempted modification. Such
modification is verified while handling
the fault, and, though benign updates
to nonsensitive pages are allowed, any
attempt to modify the enforcement
engine is blocked. Despite the difficulties, monitoring control flow is one of
the most comprehensive techniques to
counter code-injection exploits.
Shared Hardware Resources
A hypervisor provides strong isolation guarantees between virtual machines, preventing information leakage between them. Such guarantees
are critical for cloud computing; their
absence would spell the end for pub-lic-cloud deployments. The need for
strong isolation is typically balanced
against another operational requirement, that providers share hardware
resources between virtual machines
to provide services at the scale and
cost users demand.
Side-channel attacks bypass isolation boundaries by ignoring the software stack and deriving information
from shared hardware resources; for
example, timing attacks infer certain
system properties by measuring the
variance in time taken for the same
operation across several executions
under varying circumstances. Timing
attacks on shared instruction caches
have allowed attackers to extract cryptographic keys from a co-located victim’s virtual machine.
These attacks are conceptually simple: The attacker fills up the i-cache,
then waits for the victim to run. The
exact execution within the victim’s virtual machine determines which cache