HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Conference papers

Efficient Identification of Applications in Co-resident VMs via a Memory Side-Channel

Abstract : Memory deduplication opens a side-channel that enables attackers to detect if there is a second copy of a memory page on a host their Virtual Machine (VM) is running on, and thus to gain information about co-resident VMs. In former work, we presented a practical side-channel attack that can even detect which specific versions of applications are being executed in co-resident VMs. In this paper, we enhance this attack by testing for representative groups of pages for certain groups of application versions, so-called page signatures, instead of testing for a single application version only. As a result, our new attack is significantly more efficient. Our results indicate that the attack duration can be reduced from several hours to minutes at the cost of a small loss in precision only.
Document type :
Conference papers
Complete list of metadata

Cited literature [15 references]  Display  Hide  Download

https://hal.inria.fr/hal-02023744
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, February 21, 2019 - 4:57:02 PM
Last modification on : Friday, November 20, 2020 - 4:26:02 PM
Long-term archiving on: : Wednesday, May 22, 2019 - 4:30:39 PM

File

472722_1_En_18_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Jens Lindemann, Mathias Fischer. Efficient Identification of Applications in Co-resident VMs via a Memory Side-Channel. 33th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.245-259, ⟨10.1007/978-3-319-99828-2_18⟩. ⟨hal-02023744⟩

Share

Metrics

Record views

63

Files downloads

44