Etienne Martineau - Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Etienne-Martineau-Inter-VM-Data-Exfiltration.pdf Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core Etienne Martineau Software engineer, Cisco Systems On x86 multi-core covert channels between co-located Virtual Machine (VM) are real and practical thanks to the architecture that has many imperfections in the way shared resources are isolated. This talk will demonstrate how a non-privileged application from one VM can ex-filtrate data or even establish a reverse shell into a co-located VM using a cache timing covert channel that is totally hidden from the standard access control mechanisms while being able to offer surprisingly high bps at a low error rate. In this talk you'll learn about the various concepts, techniques and challenges involve in the design of a cache timing covert channel on x86 multi-core such as: An overview of some of the X86 shared resources and how we can use / abuse them to carry information across VMs. Fundamental concept behind cache line encoding / decoding. Getting around the hardware pre-fetching logic ( without disabling it from the BIOS! ) Data persistency and noise. What can be done? Guest to host page table de-obfuscation. The easy way. Phase Lock Loop and high precision inter-VM synchronization. All about timers. At the end of this talk we will go over a working VM to VM reverse shell example as well as some surprising bandwidth measurement results. We will also cover the detection aspect and the potential countermeasure to defeat such a communication channel. The source code is going to be release at that time on 'github' Etienne holds bachelor's degree in electrical engineering from University Laval at Quebec and is currently a senior technical leader at Cisco Systems. He has over 15 years' mission critical Linux in telecom and space industry experience. His career has covered broad range of high performance / high availability hardware and software technologies, system level architecture and since 2008 a very special focus on the KVM hypervisor. He likes to work on complex and challenging problems but when not working, he likes to spend time with his family and during the night hack virtual machines or rebuild car engines.

There are no comments yet.

Please log in to write the first comment.