EuroSec'11 Presentation

EuroSec'11 Presentation

[Kuniyasu Suzaki]

Dear,

I made a presentation about memory disclosure attack on SKM (Kernel
Samepage Merging) with KVM at EuroSec 2011.
The titile is "Memory Deduplication as a Threat to the Guest OS".
  http://www.iseclab.org/eurosec-2011/program.html

The slide is downloadbale.
  http://www.slideshare.net/suzaki/eurosec2011-slide-memory-deduplication
The paper will be downloadble form ACM Digital Library.

Please tell me, if you have comments. Thank you.

------
Kuniyasu Suzaki

Re: EuroSec'11 Presentation

[Avi Kivity]

On 04/10/2011 05:23 PM, Kuniyasu Suzaki wrote:
> Dear,
>
> I made a presentation about memory disclosure attack on SKM (Kernel
> Samepage Merging) with KVM at EuroSec 2011.
> The titile is "Memory Deduplication as a Threat to the Guest OS".
>    http://www.iseclab.org/eurosec-2011/program.html
>
> The slide is downloadbale.
>    http://www.slideshare.net/suzaki/eurosec2011-slide-memory-deduplication
> The paper will be downloadble form ACM Digital Library.
>
> Please tell me, if you have comments. Thank you.

Very interesting presentation.  It seems every time you share something, 
it become a target for attacks.

-- 
error compiling committee.c: too many arguments to function

Re: EuroSec'11 Presentation

[Kuniyasu Suzaki]

From: Avi Kivity <avi@redhat.com>
Subject: Re: EuroSec'11 Presentation
Date: Sun, 10 Apr 2011 17:49:52 +0300

> On 04/10/2011 05:23 PM, Kuniyasu Suzaki wrote:
> > Dear,
> >
> > I made a presentation about memory disclosure attack on SKM (Kernel
> > Samepage Merging) with KVM at EuroSec 2011.
> > The titile is "Memory Deduplication as a Threat to the Guest OS".
> >    http://www.iseclab.org/eurosec-2011/program.html
> >
> > The slide is downloadbale.
> >    http://www.slideshare.net/suzaki/eurosec2011-slide-memory-deduplication
> > The paper will be downloadble form ACM Digital Library.
> >
> > Please tell me, if you have comments. Thank you.
> 
> Very interesting presentation.  It seems every time you share something, 
> it become a target for attacks.

I'm happy to hear your comments.
The referee's comment was severe. It said there was not brand-new
point, but there are real attack experiences.  My paper was just
evaluated the detction on apahce2 and sshd on Linux Guest OS and
Firefox and IE6 on Windows Guest OS.

------
Kuniyasu Suzaki

> 
> -- 
> error compiling committee.c: too many arguments to function
> 
> 

Re: EuroSec'11 Presentation

[Stefan Hajnoczi]

On Sun, Apr 10, 2011 at 4:19 PM, Kuniyasu Suzaki <k.suzaki@aist.go.jp> wrote:
>
> From: Avi Kivity <avi@redhat.com>
> Subject: Re: EuroSec'11 Presentation
> Date: Sun, 10 Apr 2011 17:49:52 +0300
>
>> On 04/10/2011 05:23 PM, Kuniyasu Suzaki wrote:
>> > Dear,
>> >
>> > I made a presentation about memory disclosure attack on SKM (Kernel
>> > Samepage Merging) with KVM at EuroSec 2011.
>> > The titile is "Memory Deduplication as a Threat to the Guest OS".
>> >    http://www.iseclab.org/eurosec-2011/program.html
>> >
>> > The slide is downloadbale.
>> >    http://www.slideshare.net/suzaki/eurosec2011-slide-memory-deduplication
>> > The paper will be downloadble form ACM Digital Library.
>> >
>> > Please tell me, if you have comments. Thank you.
>>
>> Very interesting presentation.  It seems every time you share something,
>> it become a target for attacks.
>
> I'm happy to hear your comments.
> The referee's comment was severe. It said there was not brand-new
> point, but there are real attack experiences.  My paper was just
> evaluated the detction on apahce2 and sshd on Linux Guest OS and
> Firefox and IE6 on Windows Guest OS.

If I have a VM on the same physical host as someone else I may be able
to determine which programs and specific versions they are currently
running.

Is there some creative attack using this technique that I'm missing?
I don't see many serious threats.

Stefan

Re: EuroSec'11 Presentation

[Kuniyasu Suzaki]

Stefan,

From: Stefan Hajnoczi <stefanha@gmail.com>
Subject: Re: EuroSec'11 Presentation
Date: Mon, 11 Apr 2011 09:51:42 +0100

> On Sun, Apr 10, 2011 at 4:19 PM, Kuniyasu Suzaki <k.suzaki@aist.go.jp> wrote:
> >
> > From: Avi Kivity <avi@redhat.com>
> > Subject: Re: EuroSec'11 Presentation
> > Date: Sun, 10 Apr 2011 17:49:52 +0300
> >
> >> On 04/10/2011 05:23 PM, Kuniyasu Suzaki wrote:
> >> > Dear,
> >> >
> >> > I made a presentation about memory disclosure attack on SKM (Kernel
> >> > Samepage Merging) with KVM at EuroSec 2011.
> >> > The titile is "Memory Deduplication as a Threat to the Guest OS".
> >> >    http://www.iseclab.org/eurosec-2011/program.html
> >> >
> >> > The slide is downloadbale.
> >> >    http://www.slideshare.net/suzaki/eurosec2011-slide-memory-deduplication
> >> > The paper will be downloadble form ACM Digital Library.
> >> >
> >> > Please tell me, if you have comments. Thank you.
> >>
> >> Very interesting presentation.  It seems every time you share something,
> >> it become a target for attacks.
> >
> > I'm happy to hear your comments.
> > The referee's comment was severe. It said there was not brand-new
> > point, but there are real attack experiences.  My paper was just
> > evaluated the detction on apahce2 and sshd on Linux Guest OS and
> > Firefox and IE6 on Windows Guest OS.
> 
> If I have a VM on the same physical host as someone else I may be able
> to determine which programs and specific versions they are currently
> running.
> 
> Is there some creative attack using this technique that I'm missing?
> I don't see many serious threats.

The memory disclosure attack assumed to be applied on Cloud Computing
which offers multi tenants. Even if a application has a vulnerablity,
attacker can find and attack it.
As I show my slides, IE6 is an exmaple.

The situation resembles to Cross VM Side Channel Attack mentioned in
CCS10 paper "Hey, you, get off of my cloud".

----
Kuniyasu Suzaki

Re: EuroSec'11 Presentation

[Anthony Liguori]

On 04/11/2011 03:51 AM, Stefan Hajnoczi wrote:
>> I'm happy to hear your comments.
>> The referee's comment was severe. It said there was not brand-new
>> point, but there are real attack experiences.  My paper was just
>> evaluated the detction on apahce2 and sshd on Linux Guest OS and
>> Firefox and IE6 on Windows Guest OS.
> If I have a VM on the same physical host as someone else I may be able
> to determine which programs and specific versions they are currently
> running.
>
> Is there some creative attack using this technique that I'm missing?
> I don't see many serious threats.

It's a deviation of a previously demonstrated attack where memory access 
timing is used to guess memory content.  This has been demonstrated in 
the past to be a viable technique to reduce the keyspace of things like 
ssh keys which makes attack a bit easier.

But it's a well known issue with colocation and the attack can be 
executed just by looking at raw memory access time (to guess whether 
another process brought something into the cache).

Regards,

Anthony Liguori

> Stefan
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: EuroSec'11 Presentation

[Kuniyasu Suzaki]

Anthony,

From: Anthony Liguori <anthony@codemonkey.ws>
Subject: Re: EuroSec'11 Presentation
Date: Mon, 11 Apr 2011 10:27:27 -0500

> On 04/11/2011 03:51 AM, Stefan Hajnoczi wrote:
> >> I'm happy to hear your comments.
> >> The referee's comment was severe. It said there was not brand-new
> >> point, but there are real attack experiences.  My paper was just
> >> evaluated the detction on apahce2 and sshd on Linux Guest OS and
> >> Firefox and IE6 on Windows Guest OS.
> > If I have a VM on the same physical host as someone else I may be able
> > to determine which programs and specific versions they are currently
> > running.
> >
> > Is there some creative attack using this technique that I'm missing?
> > I don't see many serious threats.
> 
> It's a deviation of a previously demonstrated attack where memory access 
> timing is used to guess memory content.  This has been demonstrated in 
> the past to be a viable technique to reduce the keyspace of things like 
> ssh keys which makes attack a bit easier.
> 
> But it's a well known issue with colocation and the attack can be 
> executed just by looking at raw memory access time (to guess whether 
> another process brought something into the cache).

Thank you for comments.
The memory disclosure attack can be prevented by several ways mention in my "Countermeasure" side (Page 22).

If we limit KSM on READ-ONLY pages, we detect and prevent the attack.
I also think most memory deduplication is on READ-ONLY pages.

------
Kuniysu Suzaki

Re: EuroSec'11 Presentation

[Avi Kivity]

On 04/11/2011 06:46 PM, Kuniyasu Suzaki wrote:
> >
> >  But it's a well known issue with colocation and the attack can be
> >  executed just by looking at raw memory access time (to guess whether
> >  another process brought something into the cache).
>
> Thank you for comments.
> The memory disclosure attack can be prevented by several ways mention in my "Countermeasure" side (Page 22).
>
> If we limit KSM on READ-ONLY pages, we detect and prevent the attack.
> I also think most memory deduplication is on READ-ONLY pages.
>

With EPT or NPT you cannot detect if a page is read only.

Furthermore, at least Linux (without highmem) maps all of memory with a 
read/write mapping in addition to the per-process mapping, so no page is 
read-only.

-- 
error compiling committee.c: too many arguments to function

Re: EuroSec'11 Presentation

[Kuniyasu Suzaki]

From: Avi Kivity <avi@redhat.com>
Subject: Re: EuroSec'11 Presentation
Date: Mon, 11 Apr 2011 18:48:41 +0300

> On 04/11/2011 06:46 PM, Kuniyasu Suzaki wrote:
> > >
> > >  But it's a well known issue with colocation and the attack can be
> > >  executed just by looking at raw memory access time (to guess whether
> > >  another process brought something into the cache).
> >
> > Thank you for comments.
> > The memory disclosure attack can be prevented by several ways mention in my "Countermeasure" side (Page 22).
> >
> > If we limit KSM on READ-ONLY pages, we detect and prevent the attack.
> > I also think most memory deduplication is on READ-ONLY pages.
> >
> 
> With EPT or NPT you cannot detect if a page is read only.
> 
> Furthermore, at least Linux (without highmem) maps all of memory with a 
> read/write mapping in addition to the per-process mapping, so no page is 
> read-only.

Unfortunately, yes. Linux kernel maps all memory with read/write.
I met this problem already.
I have to find another OS which clearly separete read only pages.

I also know the CPU can not distinguish read only pages.
However, If a VMM can trace CR3 and retrive the page tables, we can
distinguish read only page or not.
Yes, it is a academic interest.

------
suzaki

Re: EuroSec'11 Presentation

[Stefan Hajnoczi]

On Mon, Apr 11, 2011 at 4:27 PM, Anthony Liguori <anthony@codemonkey.ws> wrote:
> On 04/11/2011 03:51 AM, Stefan Hajnoczi wrote:
>>>
>>> I'm happy to hear your comments.
>>> The referee's comment was severe. It said there was not brand-new
>>> point, but there are real attack experiences.  My paper was just
>>> evaluated the detction on apahce2 and sshd on Linux Guest OS and
>>> Firefox and IE6 on Windows Guest OS.
>>
>> If I have a VM on the same physical host as someone else I may be able
>> to determine which programs and specific versions they are currently
>> running.
>>
>> Is there some creative attack using this technique that I'm missing?
>> I don't see many serious threats.
>
> It's a deviation of a previously demonstrated attack where memory access
> timing is used to guess memory content.  This has been demonstrated in the
> past to be a viable technique to reduce the keyspace of things like ssh keys
> which makes attack a bit easier.

How can you reduce the key space by determining whether the guest has
arbitrary 4 KB data in physical memory?

Stefan

Re: EuroSec'11 Presentation

[Anthony Liguori]

On 04/11/2011 10:46 AM, Kuniyasu Suzaki wrote:
>
>> But it's a well known issue with colocation and the attack can be
>> executed just by looking at raw memory access time (to guess whether
>> another process brought something into the cache).
> Thank you for comments.
> The memory disclosure attack can be prevented by several ways mention in my "Countermeasure" side (Page 22).

Not to be discouraging, but this class of attacks (side channel 
information disclosures) is very well known and very well documented.

Side channel attacks are extremely difficult to use from a practical 
perspective.  First, you have to know that your target is colocated with 
you and that you are actually sharing a resource.  Second, you have to 
be able to exploit the additional information you've gathered.

This type of attack is just as application to any multi-user environment 
and is not at all unique to virtualization.

> If we limit KSM on READ-ONLY pages, we detect and prevent the attack.
> I also think most memory deduplication is on READ-ONLY pages.

There's really no point about worrying about these sort of things.  
Either you're not going to colocate, you'll colocate and do the best you 
can with what the hardware provides (socket isolation, no KSM, etc.), or 
you're no going to worry about these types of things.

Again, it is extremely difficult to use side channel information 
disclosures to actually exploit anything.  If you are worried about this 
level of security, you shouldn't be using x86 hardware as more advanced 
hardware has more rigorous support for protecting against these sort of 
things.

Regards,

Anthony Liguori

> ------
> Kuniysu Suzaki
>

Re: EuroSec'11 Presentation

[Anthony Liguori]

On 04/11/2011 11:25 AM, Stefan Hajnoczi wrote:
> On Mon, Apr 11, 2011 at 4:27 PM, Anthony Liguori<anthony@codemonkey.ws>  wrote:
>>
>> It's a deviation of a previously demonstrated attack where memory access
>> timing is used to guess memory content.  This has been demonstrated in the
>> past to be a viable technique to reduce the keyspace of things like ssh keys
>> which makes attack a bit easier.
> How can you reduce the key space by determining whether the guest has
> arbitrary 4 KB data in physical memory?

I'm not sure that you can.  But the way the cache timing attack worked 
is that by doing a cache timing analysis in another process that's 
sharing the cache with a process doing key generation, you can make 
predictions about the paths taken by the key generation code which let's 
you narrow down the key space.

Of course, even this is extremely hard to exploit because you need to 
happen to be sharing a cache with something that's doing ssh key 
generation, you have to know when it starts and when it ends, and you 
have to know exactly what version of ssh is running.  And even then, 
it's just reduces the time needed to brute force.  It still takes a long 
time.

I think knowing whether a 4kb page is shared by some other guest in the 
system is so little information that I don't see what you could 
practically do with it that can't already be done via a cache timing attack.

Regards,

Anthony Liguori

> Stefan

Re: EuroSec'11 Presentation

[Kuniyasu Suzaki]

Anthony,

From: Anthony Liguori <anthony@codemonkey.ws>
Subject: Re: EuroSec'11 Presentation
Date: Mon, 11 Apr 2011 12:19:10 -0500

> Again, it is extremely difficult to use side channel information 
> disclosures to actually exploit anything.  If you are worried about this 
> level of security, you shouldn't be using x86 hardware as more advanced 
> hardware has more rigorous support for protecting against these sort of 
> things.

I know the difficulty to attack on memory deduplication. I think the
situation is same as Corss-VM Side Channel Attack [CCS'09] and Cold
Boot Attack [USENIX Security'08].

However, from the view of security, we have to know the vulnerability.
The practical evaluation should based on the balance of possibility
and impact. I agree the possibility is low and there is no practical
attack on current situation.

------
Kuniyasu Suzaki

Re: EuroSec'11 Presentation

[Andi Kleen]

Avi Kivity <avi@redhat.com> writes:
>
> With EPT or NPT you cannot detect if a page is read only.

Why not? You can always walk the page tables manually again.

> Furthermore, at least Linux (without highmem) maps all of memory with
> a read/write mapping in addition to the per-process mapping, so no
> page is read-only.

Even with 32bit highmem most memory will be eventually mapped writable by
kmap when. There's currently no concept of a ro-kmap. However I suspect
it wouldn't be too hard to add one.

-Andi

-- 
ak@linux.intel.com -- Speaking for myself only