From mboxrd@z Thu Jan  1 00:00:00 1970
From: Anthony Liguori <anthony@codemonkey.ws>
Subject: Re: EuroSec'11 Presentation
Date: Mon, 11 Apr 2011 12:22:19 -0500
Message-ID: <4DA338CB.5050708@codemonkey.ws>
References: <20110410.232340.01368317.k.suzaki@aist.go.jp>	<4DA1C390.10003@redhat.com>	<20110411.001930.73371943.k.suzaki@aist.go.jp>	<BANLkTi=+tjG8dxvaqsw52ouGcR=6Z3Rw0w@mail.gmail.com>	<4DA31DDF.7060605@codemonkey.ws> <BANLkTi=di8-7U9x6_FQOKxHdXqV2bG333w@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Kuniyasu Suzaki <k.suzaki@aist.go.jp>, avi@redhat.com,
	kvm@vger.kernel.org
To: Stefan Hajnoczi <stefanha@gmail.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail-gy0-f174.google.com ([209.85.160.174]:60604 "EHLO
	mail-gy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753394Ab1DKRWW (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 11 Apr 2011 13:22:22 -0400
Received: by gyd10 with SMTP id 10so2232208gyd.19
        for <kvm@vger.kernel.org>; Mon, 11 Apr 2011 10:22:21 -0700 (PDT)
In-Reply-To: <BANLkTi=di8-7U9x6_FQOKxHdXqV2bG333w@mail.gmail.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 04/11/2011 11:25 AM, Stefan Hajnoczi wrote:
> On Mon, Apr 11, 2011 at 4:27 PM, Anthony Liguori<anthony@codemonkey.ws>  wrote:
>>
>> It's a deviation of a previously demonstrated attack where memory access
>> timing is used to guess memory content.  This has been demonstrated in the
>> past to be a viable technique to reduce the keyspace of things like ssh keys
>> which makes attack a bit easier.
> How can you reduce the key space by determining whether the guest has
> arbitrary 4 KB data in physical memory?

I'm not sure that you can.  But the way the cache timing attack worked 
is that by doing a cache timing analysis in another process that's 
sharing the cache with a process doing key generation, you can make 
predictions about the paths taken by the key generation code which let's 
you narrow down the key space.

Of course, even this is extremely hard to exploit because you need to 
happen to be sharing a cache with something that's doing ssh key 
generation, you have to know when it starts and when it ends, and you 
have to know exactly what version of ssh is running.  And even then, 
it's just reduces the time needed to brute force.  It still takes a long 
time.

I think knowing whether a 4kb page is shared by some other guest in the 
system is so little information that I don't see what you could 
practically do with it that can't already be done via a cache timing attack.

Regards,

Anthony Liguori

> Stefan