
Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core

Formal Metadata

Title
Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core
Title of Series
Number of Parts
109
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Etienne Martineau, Software engineer, Cisco Systems

On x86 multi-core, covert channels between co-located Virtual Machines (VMs) are real and practical, thanks to an architecture that has many imperfections in the way shared resources are isolated. This talk will demonstrate how a non-privileged application from one VM can exfiltrate data or even establish a reverse shell into a co-located VM using a cache timing covert channel that is totally hidden from the standard access control mechanisms while being able to offer surprisingly high bps at a low error rate.

In this talk you'll learn about the various concepts, techniques and challenges involved in the design of a cache timing covert channel on x86 multi-core, such as:

- An overview of some of the x86 shared resources and how we can use / abuse them to carry information across VMs.
- Fundamental concept behind cache line encoding / decoding.
- Getting around the hardware pre-fetching logic (without disabling it from the BIOS!)
- Data persistency and noise. What can be done?
- Guest to host page table de-obfuscation. The easy way.
- Phase Lock Loop and high precision inter-VM synchronization. All about timers.

At the end of this talk we will go over a working VM to VM reverse shell example as well as some surprising bandwidth measurement results. We will also cover the detection aspect and the potential countermeasure to defeat such a communication channel. The source code is going to be released at that time on GitHub.

Speaker Bio: Etienne holds a bachelor's degree in electrical engineering from University Laval at Quebec and is currently a senior technical leader at Cisco Systems. He has over 15 years of experience with mission-critical Linux in the telecom and space industries. His career has covered a broad range of high performance / high availability hardware and software technologies, system level architecture and, since 2008, a very special focus on the KVM hypervisor. He likes to work on complex and challenging problems, but when not working he likes to spend time with his family and, during the night, hack virtual machines or rebuild car engines.