Virtuelle systemer er stadigt alt for usikre til følsomme data

Organisationer, der opbevarer personfølsomme oplysninger, bør i høj grad undgå virtuelle systemer, containere og andre delte platforme. Dette inkludrer Google Cloud, AWS, Microsoft Azure, Hyper-V, Xen, ESXi og andre tilsvarende produkter.

I artiklen https://arxiv.org/abs/1901.01161 af Gruss, et al fortælles om hvordan de såkalde page caches kan misbruges af angribere, der har adgang til det samme hardware.

Disse afsløringer følger de seneste sikkerhedsfejl i Intel, AMD og ARM chips, der viser, at it-sikkerhed har utroligt langt endnu.

We present a new hardware-agnostic side-channel attack that targets one of the most fundamental software caches in modern computer systems: the operating system page cache. The page cache is a pure software cache that contains all disk-backed pages, including program binaries, shared libraries, and other files, and our attacks thus work across cores and CPUs. Our side-channel permits unprivileged monitoring of some memory accesses of other processes, with a spatial resolution of 4KB and a temporal resolution of 2 microseconds on Linux (restricted to 6.7 measurements per second) and 466 nanoseconds on Windows (restricted to 223 measurements per second); this is roughly the same order of magnitude as the current state-of-the-art cache attacks. We systematically analyze our side channel by demonstrating different local attacks, including a sandbox bypassing high-speed covert channel, timed user-interface redressing attacks, and an attack recovering automatically generated temporary passwords. We further show that we can trade off the side channel’s hardware agnostic property for remote exploitability. We demonstrate this via a low profile remote covert channel that uses this page-cache side-channel to exfiltrate information from a malicious sender process through innocuous server requests. Finally, we propose mitigations for some of our attacks, which have been acknowledged by operating system vendors and slated for future security patches.

Skift til proaktiv

Vi kan hjælpe med en it- og forretnings-strategi der tager højde for disse risici og reducerer behovet for panikløsninger.

Kontakt Alex fra Holst Sikkerhed, hvis din organisation vil bruge energi på noget mere spændende end paniske sikkerhedsrettelser.