Out-Of-Order Execution As A Cross-VM Side Channel And Other Applications

Presented at DeepSec 2017 „Science First!“, Unknown date/time (Unknown duration).

Given the rise in popularity of cloud computing and platform-as-a- service, vulnerabilities, inherent to systems which share hardware resources, will become increasingly attractive targets to malicious software authors. In this paper, we introduce a novel side channel across virtual machines through the detection of out-of-order execution. We cre- ate a simple duplex channel as well as a broadcast channel. We discuss possible adversaries for this channel and propose further work to make this channel more secure, efficient and applicable in realistic scenarios. In addition, we consider seven possible mali- cious applications of this channel: theft of encryption keys, program identification, environmental keying, malicious triggers, denial of service attacks, determining VM co-location, malicious data injec- tion, and side channels.

Presenters:

• Sophia d'Antoine - Trail of Bits, Rensselaer Polytechnic Institute
  T.B.A.
• Jeremy Blackthorne - Trail of Bits, Rensselaer Polytechnic Institute
  T.B.A.
• Bülent Yener - Trail of Bits, Rensselaer Polytechnic Institute
  T.B.A.

Links:

• https://deepsec.net/archive/2017.deepsec.net/speaker.html#PSLOT336

Similar Presentations:

• The Fifth HOPE (2004) / Making Use of the Subliminal Channel in DSA
• REcon 2015 / Exploiting Out-of-Order-Execution: Processor Side Channels to Enable Cross VM Code Execution
• Black Hat USA 2015 / Exploiting Out-of-Order Execution for Covert Cross-VM Communication