Security Cloud Tewfiq El Maliki, HES-SO

Introduction to OpenStack · 2017. 11. 21. · VM vs BM and Risk management •You should consider VM cloud for highly dynamic workloads •Application that spins up and down rapidly


VM vs BM and Risk management

• You should consider VM cloud for highly dynamic workloads

• Application that spins up and down rapidly

• If the application is sensitive to performance, bare metal can be unbeatable

• Resources dedicated to a single customer

• Greater processing power and input/output operations per second (IOPS)

• More consistent disk and network I/O performance

• Quality of Service (QoS) that guarantees elimination of the noisy neighbor problem in a multitenant environment.

• Risk management is a must in the Cloud environment


Memory sharing


• Shared memory

• Inter-CPU

• Inter-VM


Memory sharing

• Mechanism to optimize the overall memory of the system

• Shared text segments

• Shared libs

• Memory de-duplication

• Considered safe and equivalent to no sharing


Memory sharing : L3 Cache

• Memory is slower than the processor

• The cache utilizes locality to bridge the gap

• Divides memory into lines

• Stores recently used lines

• Shared caches improve performance for multi-core processors


[Figure: Common Intel CPU. Cores 0 to 3 each have their own L1 and L2 caches; all cores share the L3 cache, which sits in front of memory.]


Cache coherence

• Memory and cache can be in inconsistent states

• Rare, but possible

• Solution: Flushing the cache contents

• Ensures that the next load is served from the memory


Side Channel Attacks

• Using electromagnetic radiation (emission of waves, analysis of a thermal image, light emitted by a screen)

• Power consumption

• Acoustic wave analysis

[Figure: an attacker observing the channel between A and B]


Side Channel Attacks

[Figure: power measurement with segments labelled 0 and 1; from https://commons.wikimedia.org/w/index.php?curid=9762288]

• Measurements of power

• RSA: b^e mod N (N = p*q); if the bit is 1, the processing is longer


Attack strategy : Flush and reload

• Force a bit of code in the victim process out of the L3 cache,

• wait a bit, then

• measure the time it takes to access the code.

• If the victim process executes the code while the spy process is waiting, it will be put back into the cache, and the spy process's access to the code will be fast.

• If the victim process doesn't execute the code, it will stay out of the cache, and the spy process's access will be slow.

• So, by measuring the access time, the spy can tell whether or not the victim executed the code during the wait interval.


RSA

• RSA is a public key cryptographic scheme

• The main operation is modular exponentiation, i.e. calculating b^e mod n

• The exponent e used for decryption and for signing is secret


RSA Example of simple Exp

3^20 mod 23 = ? (b^e mod 23)

i                                      4    3    2    1    0
e_i                                    1    0    1    0    0
c  (c = 2c; if e_i = 1, c = c + 1)     1    2    5   10   20
x  (x = x^2; if e_i = 1, x = x*b)      3    9   13    8   18

Scans the exponent from the MSB to the LSB

• For clear bits does Square-Reduce

• For set bits does Square-Reduce, then Multiply-Reduce


Time measurements of probes


Implementation of the attack

• It shows that it is not safe to use GnuPG on multi-user systems. However, it is not limited to GnuPG.

• Compression: Learn partial or complete contents of the file(s) being compressed/decompressed.

• SSH: Extract the secret keys used for public-key authentication when a user connects to an SSH server.

• SSL: In a shared-hosting environment, get other users' private keys. Or, worse, get the hosting provider's private key.

• Observe the main() function of common binaries like 'ls', 'cat', 'cd', to get a rough idea of what another user is typing into their terminal.

• Code that runs when the mouse is moved, clicked, or hovered.


Loss of bits during attack


Mitigation

• It is hard to limit the extent of sharing. E.g. “read-only” is more than read only.

• Use constant-time implementations of cryptographic primitives.

• Apply the principle of least privilege

• Definition of what it means for a system's user isolation to be secure. The property is called "Perfect Isolation" and is similar to the definition of perfect secrecy from cryptography:

• Perfect Isolation: Suppose Alice and Bob are users of a system. Give Alice a random bit. Have Alice try to tell Bob the bit. Have Bob try to receive the bit. The system has Perfect Isolation if Bob cannot guess the bit with greater than 1/2 probability.
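
The Square-Reduce / Multiply-Reduce pattern from the RSA example slide and the constant-time mitigation listed above, shown side by side as an added example (not part of the original slides and not GnuPG code). The function names `sqm_leaky`, `exponent_from_trace` and `ladder_fixed` are hypothetical, and the 64-bit toy arithmetic assumes n < 2^32.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Added example, toy sizes only: n < 2^32 so products fit in uint64_t.
 * trace needs 2*bits + 1 chars; 'S' = Square-Reduce, 'M' = Multiply-Reduce. */

/* Left-to-right square-and-multiply: Multiply-Reduce runs only for set
 * bits, so the operation sequence depends on the secret exponent. */
uint64_t sqm_leaky(uint64_t b, uint64_t e, uint64_t n, int bits, char *trace) {
    uint64_t x = 1;
    for (int i = bits - 1; i >= 0; i--) {
        x = (x * x) % n; *trace++ = 'S';
        if ((e >> i) & 1) { x = (x * b) % n; *trace++ = 'M'; }
    }
    *trace = '\0';
    return x;
}

/* What the S/M sequence reveals: each 'S' opens a bit, an 'M' sets it. */
uint64_t exponent_from_trace(const char *trace) {
    uint64_t e = 0;
    for (; *trace; trace++)
        e = (*trace == 'S') ? (e << 1) : (e | 1);
    return e;
}

/* Montgomery ladder with a masked swap: one multiply and one square per bit,
 * no branch on the exponent. (% itself is not guaranteed constant-time.) */
uint64_t ladder_fixed(uint64_t b, uint64_t e, uint64_t n, int bits, char *trace) {
    uint64_t r0 = 1 % n, r1 = b % n, t;
    for (int i = bits - 1; i >= 0; i--) {
        uint64_t mask = (uint64_t)0 - ((e >> i) & 1);  /* all ones if bit set */
        t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;        /* swap when bit = 1 */
        r1 = (r0 * r1) % n; *trace++ = 'M';
        r0 = (r0 * r0) % n; *trace++ = 'S';
        t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;        /* swap back */
    }
    *trace = '\0';
    return r0;
}

int main(void) {
    char a[64], b[64], c[64];
    unsigned long long x = sqm_leaky(3, 20, 23, 5, a), y = ladder_fixed(3, 20, 23, 5, b);
    ladder_fixed(3, 21, 23, 5, c);              /* constructed second exponent */
    printf("leaky  %llu %s e=%llu\n", x, a, (unsigned long long)exponent_from_trace(a));
    printf("ladder %llu %s same-as-e21=%d\n", y, b, strcmp(b, c) == 0);
    return 0;
}
```

The ladder's operation sequence depends only on the exponent length, so observing which routine ran no longer distinguishes one exponent from another of the same size.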


RowHammer attack


Rowhammer Attacks

• How DRAM memory works

• Contains programs and data

• Dynamic Random Access Memory

• Refreshed every ~60 ms


Programs repartition


Memory : How does it work?


Memory : How does it work?


Memory : Leakage

• If we repeatedly access the same memory, we can leak bits in adjacent memory

• Bits may flip


Memory : Leakage

• The capacitors are influenced by the adjacent changing state

[Figure label: permission bit flipped]


DRAM ?

• Capacitors and transistors

• Electromagnetic coupling between rows


• Memory scan for useful bit flips

• Uncached memory access

• clflush

[Figure: grid of memory bits with axes X and Y, mostly 1s with a few bits flipped to 0]


Is it deterministic?

• Is it random or deterministic ?

• What is the probability of a bit-flip error appearing?

• What is the error rate?


Why DRAM leakage

• But new DRAM4 are protected


How often is the refresh?


Solutions

• Sophisticated ECC-DRAM: cost and energy

• Refresh frequently: power, performance

• Make better DRAM chips: cost


Memory deduplication

• Method used to reduce memory usage

• Overcome memory demands and run more VMs

[Figure, two panels: Victim and Attacker memory pages on a Virtualization Host and the resulting Physical Memory]


Example of Attacks : Flip Feng Shui

• OpenSSH : target : ~/.ssh/authorized_keys

• Flip a bit, reconstruct the private key and log on again

[Figure: Rowhammer attack]

Attacks : How do they work?

• The capacitors are influenced by the adjacent changing state