PrivateCore helps mitigate some side channel attacks in virtualized environments.  Below is a listing of some of the current literature and research describing side channel attacks, particularly in cloud or hosted environments.

  • Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds

    A research paper discussing how to to place a hostile virtual machine (VM) adjacent to a target VM in infrastructure-as-a-service (IaaS) environments and use such placement to attempt cross-VM side channel attacks to extract information from a target VM on the same machine.

    Tags: Side channel, VM, cloud

  • Cross-VM Side Channels and Their Use to Extract Private Keys

    This research paper describes an access-driven side channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern virtual machine manager (Xen).

    Tags: Side channel, VM, cloud

  • “Ooh Aah… Just a Little Bit” : A small amount of side channel can go a long
    way

    This paper describes a cache timing attack to extract information from the OpenSSL ECDSA implementation. The authors demonstrate that with as little as 200 signatures they are able to recover a 256-bit secp256k1 elliptic curve key. This is notably the same curve used in the Bitcoin protocol.

    Tags: Side channel, VM, cloud

  • Cache-timing attacks on AES

    This research paper demonstrates complete AES key recovery from known-plaintext timings of a network server on another computer.

    Tags: Side channel, ECDSA, OpenSSL

  • System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud

    This presentation from a University and Microsoft research describes System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud.

    Tags: Side channel, countermeasures

  • Cache Missing for Fun and Profit

    A research paper highlighting that shared access to memory caches provides an easily used high bandwidth covert channel between threads as well as permitting a malicious thread to monitor the execution of another thread, allowing in many cases for theft of cryptographic keys.

    Tags: Side channel, RSA

  • Software mitigations to hedge AES against cache-based software side channel vulnerabilities

    An Intel Corporation research paper investigates mitigations to protect AES-software against side channel vulnerabilities.

    Tags: Side channel, countermeasures, AES