Exploiting Out-of-Order-Execution: Processor Side Channels to Enable Cross VM Code Execution

Presented at REcon 2015, June 19, 2015, 3 p.m. (30 minutes)

Given the rise in popularity of cloud computing and platform-as-a-service, vulnerabilities inherent to systems which share hardware resources will become increasingly attractive targets to malicious software authors.

This talk first presents a classification of the possible cloud-based side channels which use hardware virtualization. Additionally, a novel side channel exploiting out-of-order-execution in the CPU pipeline is described and implemented.

Finally, this talk will show constructions of several adversarial applications and demo two. These applications are deployed across the novel side channel to prove the viability of each exploit. We then analyze successful detection and mitigation techniques of the side channel attacks.



Similar Presentations: