Presented at
Black Hat Asia 2017,
March 30, 2017, 2:15 p.m.
(60 minutes).
In this talk, we present the first practical cache covert channel in the cloud. The goal is to secretly exfiltrate sensitive data from one fully isolated virtual machine to another virtual machine on the same physical host. Both communication endpoints require no privileges and run as regular user programs.<br> <br> Our attack exploits the CPU cache that is present in all modern processors. These caches are crucial to performance; they are shared across virtual machine boundaries and thus violate isolation guarantees. Cache covert channels have been discussed in many academic works; however, a practical application has not been demonstrated so far. One reason is that especially hypervisor activity and external events disrupt communication.<br> <br> Our covert channel is resilient against noise as we adapt established techniques from wireless transmission protocols. Even with extraordinarily high system activity, our covert channel stays entirely error free while maintaining high throughput and low latency. We sustain transmission rates of more than 45 KB/s on the Amazon EC2 cloud, exceeding state of the art by 3 orders of magnitude. Our protocol allows us to build an SSH connection between two virtual machines, where all existing covert channels fail.<br> <br> We demonstrate our covert channel attacks on the Amazon cloud live on stage, including interactive SSH sessions and video streaming. Finally, we present an open-source tool that helps security researchers in investigating the underlying hardware problem and assessing the risk for their infrastructure.
Presenters:
-
Manuel Weber
- Student, Graz University of Technology
Manuel Weber is a PhD student in the field of Internet of Things and Industry 4.0 at Graz University of Technology. He did his master in computer science, focusing on security and pervasive computing. His interests lie within security issues of IoT and its communication protocols. He recently co-authored his first paper which was accepted at NDSS 2017.
-
Michael Schwarz
- Student, Graz University of Technology
Michael Schwarz is an Infosec PhD student at Graz University of Technology. He holds two master's degrees, one in computer science and one in software development with a strong focus on security. He frequently participates in CTFs and has also been a finalist in the European Cyber Security Challenge. He was a speaker at Black Hat Europe 2016 and has co-authored several papers published at academic conferences and journals, including USENIX Security 2016 and NDSS 2017.
Links:
Similar Presentations: