From: Anthony Liguori <anthony@codemonkey.ws>
To: Kuniyasu Suzaki <k.suzaki@aist.go.jp>
Cc: stefanha@gmail.com, avi@redhat.com, kvm@vger.kernel.org
Subject: Re: EuroSec'11 Presentation
Date: Mon, 11 Apr 2011 12:19:10 -0500 [thread overview]
Message-ID: <4DA3380E.7040506@codemonkey.ws> (raw)
In-Reply-To: <20110412.004641.91284108.k.suzaki@aist.go.jp>
On 04/11/2011 10:46 AM, Kuniyasu Suzaki wrote:
>
>> But it's a well known issue with colocation and the attack can be
>> executed just by looking at raw memory access time (to guess whether
>> another process brought something into the cache).
> Thank you for comments.
> The memory disclosure attack can be prevented by several ways mention in my "Countermeasure" side (Page 22).
Not to be discouraging, but this class of attacks (side channel
information disclosures) is very well known and very well documented.
Side channel attacks are extremely difficult to use from a practical
perspective. First, you have to know that your target is colocated with
you and that you are actually sharing a resource. Second, you have to
be able to exploit the additional information you've gathered.
This type of attack is just as application to any multi-user environment
and is not at all unique to virtualization.
> If we limit KSM on READ-ONLY pages, we detect and prevent the attack.
> I also think most memory deduplication is on READ-ONLY pages.
There's really no point about worrying about these sort of things.
Either you're not going to colocate, you'll colocate and do the best you
can with what the hardware provides (socket isolation, no KSM, etc.), or
you're no going to worry about these types of things.
Again, it is extremely difficult to use side channel information
disclosures to actually exploit anything. If you are worried about this
level of security, you shouldn't be using x86 hardware as more advanced
hardware has more rigorous support for protecting against these sort of
things.
Regards,
Anthony Liguori
> ------
> Kuniysu Suzaki
>
next prev parent reply other threads:[~2011-04-11 17:19 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-10 14:23 EuroSec'11 Presentation Kuniyasu Suzaki
2011-04-10 14:49 ` Avi Kivity
2011-04-10 15:19 ` Kuniyasu Suzaki
2011-04-11 8:51 ` Stefan Hajnoczi
2011-04-11 15:26 ` Kuniyasu Suzaki
2011-04-11 15:27 ` Anthony Liguori
2011-04-11 15:46 ` Kuniyasu Suzaki
2011-04-11 15:48 ` Avi Kivity
2011-04-11 16:01 ` Kuniyasu Suzaki
2011-04-13 18:04 ` Andi Kleen
2011-04-11 17:19 ` Anthony Liguori [this message]
2011-04-12 13:16 ` Kuniyasu Suzaki
2011-04-11 16:25 ` Stefan Hajnoczi
2011-04-11 17:22 ` Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DA3380E.7040506@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=avi@redhat.com \
--cc=k.suzaki@aist.go.jp \
--cc=kvm@vger.kernel.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox