Public Cloud Cross-Channel VM Attack

Looks like there’s a new VM cloud attack… We wouldn’t abandon the cloud just yet, though. It only seems to affect certain versions of Xen, and a simple patch to its libgcrypt library fixes the vulnerability. But it does raise the issue that other vulnerabilities probably exist in disparate areas of Xen, VMware, and other products that multi-tenant virtual cloud providers use to isolate VMs from one another.

via DarkReading.com

A group of researchers has developed a side-channel attack targeting virtual machines that could pose a threat to cloud computing environments.

The attack is described in a paper entitled “Cross-VM Side Channels and Their Use to Extract Private Keys,” authored by Yinqian Zhang, a Ph.D. student at the University of North Carolina at Chapel Hill; UNC professor Michael K. Reiter; Thomas Ristenpart, an assistant professor at the University of Wisconsin-Madison; and Ari Juels, chief scientist at EMC’s RSA security division.

According to the paper, the group was able to demonstrate an attack in a lab environment that allowed a malicious virtual machine (VM) to extract a private ElGamal decryption key from a co-resident virtual machine running Gnu Privacy Guard, which implements the OpenPGP email encryption standard.

Continued here.

#####

Were you aware of this cross-VM cloud attack? Post your comments below. Today’s post pic is from Wired.com.
