Researchers have revealed a new attack technique called VMScape that can break the security barriers between virtual machines and the systems that host them. This discovery is substantial because virtualization forms the backbone of today’s cloud computing environment, where multiple customers often share the same physical hardware.
How the attack works
Modern processors use a performance trick known as speculative execution, where the CPU guesses the next steps of a program before it is certain. While this speeds up computing, past incidents like the Spectre vulnerability have shown that attackers can manipulate this feature to gain access to protected information.
VMScape builds on this concept. Instead of targeting an individual application, it allows a malicious virtual machine to influence how the host hypervisor, the software that manages multiple virtual machines, makes predictions during execution. By carefully crafting these interactions, attackers can cause the hypervisor to briefly access secret data, such as encryption keys, which then leaves behind subtle traces in the processor’s memory cache. The attacker can measure these traces and piece together the stolen information.
The researchers focused on QEMU, a widely used hypervisor component. By training the processor’s branch prediction structures, a malicious VM can trick QEMU into speculatively executing instructions that leak information. To make the attack more reliable, the team dev
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: