A virtual machine stealing information from another virtual machine running on the same piece of hardware? That's not supposed to happen. Virtual machines run various tasks on a single computer rather than relying on a separate machine to run each one. The assumption is that one can't eavesdrop on or tamper with the other. But now a technique reported in a paper, "Cross-VM Side Channels and Their Use to Extract Private Keys," by Yinqian Zhang of the University of North Carolina, Chapel Hill, and computer scientist colleagues from the University of North Carolina, University of Wisconsin, and RSA Laboratories, suggests a different story.
The researchers said they have completed the first demonstration of a successful side-channel attack on a virtualized, symmetric multiprocessing system, using a virtual machine manager (VMM).
They said it is possible for one VM to steal the cryptographic keys that are in place to keep data secure from another running on the same physical hardware. This does not paint a happy blue-skies picture for computing facilities that leverage virtualization.
In hours, they recovered the private key for a 4096-bit ElGamal-generated public key using the libgcrypt v.1.5.0 cryptographic library. They extracted the ElGamal decryption key stored on a VM running the GNU Privacy Guard.
How it works: Both VMs share the same hardware cache, which stores data for use by the computer processor. The attacking VM fills the cache in a way that the target VM, which is processing a cryptographic key, may overwrite some of the attacker's data. By looking at which parts of the cache are changed, the attacking VM learns about the key in use.
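
The fill-then-check idea described above, as an added toy model that is not code from the paper or from libgcrypt: it simulates a tiny shared cache with no real timing or noise, and compares a victim whose cache use depends on the key with one whose cache use does not. The set numbers, the key bits and all function names are constructed assumptions.

```python
NUM_SETS = 8
# Assumption: the victim's per-bit work lands in these two cache sets.
SET_ALWAYS = 2   # touched for every key bit
SET_ON_ONE = 5   # touched only for a 1 bit by the leaky victim
KEY_BITS = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed sample key

class SharedCache:
    """Direct-mapped toy cache: each set holds one line, tagged by owner."""
    def __init__(self):
        self.owner = [None] * NUM_SETS

    def access(self, who, set_index):
        # A new access evicts whatever line was in that set.
        self.owner[set_index] = who

def leaky_victim(cache, bit):
    """Cache footprint depends on the key bit being processed."""
    cache.access("victim", SET_ALWAYS)
    if bit:
        cache.access("victim", SET_ON_ONE)

def hardened_victim(cache, bit):
    """Touches the same sets for every bit, so the footprint is key-independent."""
    cache.access("victim", SET_ALWAYS)
    cache.access("victim", SET_ON_ONE)

def observe(victim_step, key_bits):
    """Per key bit: co-resident VM fills every set, the victim runs one step,
    then the co-resident VM records which of its lines were overwritten."""
    cache = SharedCache()
    trace = []
    for bit in key_bits:
        for s in range(NUM_SETS):
            cache.access("observer", s)
        victim_step(cache, bit)
        trace.append(frozenset(
            s for s in range(NUM_SETS) if cache.owner[s] != "observer"))
    return trace

def bits_inferred(trace):
    """What the overwritten sets alone suggest about each key bit."""
    return [1 if SET_ON_ONE in changed else 0 for changed in trace]

def distinct_patterns(trace):
    """1 means every step looked identical, i.e. nothing to distinguish."""
    return len(set(trace))

if __name__ == "__main__":
    print("leaky   :", bits_inferred(observe(leaky_victim, KEY_BITS)))
    print("hardened:", distinct_patterns(observe(hardened_victim, KEY_BITS)),
          "distinct pattern(s)")
```

In the model, the hardened victim produces one identical pattern for every bit, which is why key-independent memory access is the property to look for when reviewing cryptographic code that may run on shared hardware.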