Prying CoW: Inferring Secrets Across Virtual Machine Boundaries

Gerald Palfinger; Bernd Prünster; Dominik Ziegler

doi:10.5220/0007932301870197

Prying CoW: Inferring Secrets Across Virtual Machine Boundaries

Gerald Palfinger, Bernd Prünster, Dominik Ziegler

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

By exploiting a side channel created by Copy-on-Write (CoW) operations of modern file systems, we present a novel attack which allows for detecting files in a shared cloud environment across virtual machine boundaries. In particular, we measure deduplication operation timings in order to probe for existing files of neighbouring virtual machines in a shared file system pool. As a result, no assumptions about the underlying hardware and no network access are necessary. To evaluate the real-world implications, we successfully demonstrate the feasibility of our attack on the ZFS file system. Our results clearly show that the presented attack enables the detection of vulnerable software or operating systems in a victim’s virtual machine on the same file system pool with high accuracy. Furthermore, we discuss several potential countermeasures and their implications.

Originalsprache	englisch
Titel	Proceedings of the 16th International Joint Conference on e-Business and Telecommunications
Erscheinungsort	Prague, Czech Republic
Herausgeber (Verlag)	SciTePress - Science and Technology Publications
Seiten	187 - 197
Band	2: SECRYPT
ISBN (elektronisch)	978-989-758-378-0
DOIs	https://doi.org/10.5220/0007932301870197
Publikationsstatus	Veröffentlicht - Juli 2019
Veranstaltung	16th International Joint Conference on e-Business and Telecommunications - Prague, Tschechische Republik Dauer: 26 Juli 2019 → 28 Juli 2019

Konferenz

Konferenz	16th International Joint Conference on e-Business and Telecommunications
Kurztitel	ICETE 2019
Land/Gebiet	Tschechische Republik
Ort	Prague
Zeitraum	26/07/19 → 28/07/19

Zugriff auf Dokument

10.5220/0007932301870197

A-SIT - Zentrum für sichere Informationstechnologie Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Projekt: Arbeitsgebiet

Dieses zitieren

Prying CoW: Inferring Secrets Across Virtual Machine Boundaries. / Palfinger, Gerald; Prünster, Bernd; Ziegler, Dominik.
Proceedings of the 16th International Joint Conference on e-Business and Telecommunications. Band 2: SECRYPT Prague, Czech Republic: SciTePress - Science and Technology Publications, 2019. S. 187 - 197.

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Palfinger, G, Prünster, B & Ziegler, D 2019, Prying CoW: Inferring Secrets Across Virtual Machine Boundaries. in Proceedings of the 16th International Joint Conference on e-Business and Telecommunications. Bd. 2: SECRYPT, SciTePress - Science and Technology Publications, Prague, Czech Republic, S. 187 - 197, 16th International Joint Conference on e-Business and Telecommunications, Prague, Tschechische Republik, 26/07/19. https://doi.org/10.5220/0007932301870197

@inproceedings{1b3934f8c46e403fa934ab11e5b62100,

title = "Prying CoW: Inferring Secrets Across Virtual Machine Boundaries",

abstract = "By exploiting a side channel created by Copy-on-Write (CoW) operations of modern file systems, we present a novel attack which allows for detecting files in a shared cloud environment across virtual machine boundaries. In particular, we measure deduplication operation timings in order to probe for existing files of neighbouring virtual machines in a shared file system pool. As a result, no assumptions about the underlying hardware and no network access are necessary. To evaluate the real-world implications, we successfully demonstrate the feasibility of our attack on the ZFS file system. Our results clearly show that the presented attack enables the detection of vulnerable software or operating systems in a victim{\textquoteright}s virtual machine on the same file system pool with high accuracy. Furthermore, we discuss several potential countermeasures and their implications. ",

author = "Gerald Palfinger and Bernd Pr{\"u}nster and Dominik Ziegler",

year = "2019",

month = jul,

doi = "10.5220/0007932301870197",

language = "English",

volume = "2: SECRYPT",

pages = "187 -- 197",

booktitle = "Proceedings of the 16th International Joint Conference on e-Business and Telecommunications",

publisher = "SciTePress - Science and Technology Publications",

note = "16th International Joint Conference on e-Business and Telecommunications, ICETE 2019 ; Conference date: 26-07-2019 Through 28-07-2019",

}

TY - GEN

T1 - Prying CoW: Inferring Secrets Across Virtual Machine Boundaries

AU - Palfinger, Gerald

AU - Prünster, Bernd

AU - Ziegler, Dominik

PY - 2019/7

Y1 - 2019/7

N2 - By exploiting a side channel created by Copy-on-Write (CoW) operations of modern file systems, we present a novel attack which allows for detecting files in a shared cloud environment across virtual machine boundaries. In particular, we measure deduplication operation timings in order to probe for existing files of neighbouring virtual machines in a shared file system pool. As a result, no assumptions about the underlying hardware and no network access are necessary. To evaluate the real-world implications, we successfully demonstrate the feasibility of our attack on the ZFS file system. Our results clearly show that the presented attack enables the detection of vulnerable software or operating systems in a victim’s virtual machine on the same file system pool with high accuracy. Furthermore, we discuss several potential countermeasures and their implications.

AB - By exploiting a side channel created by Copy-on-Write (CoW) operations of modern file systems, we present a novel attack which allows for detecting files in a shared cloud environment across virtual machine boundaries. In particular, we measure deduplication operation timings in order to probe for existing files of neighbouring virtual machines in a shared file system pool. As a result, no assumptions about the underlying hardware and no network access are necessary. To evaluate the real-world implications, we successfully demonstrate the feasibility of our attack on the ZFS file system. Our results clearly show that the presented attack enables the detection of vulnerable software or operating systems in a victim’s virtual machine on the same file system pool with high accuracy. Furthermore, we discuss several potential countermeasures and their implications.

U2 - 10.5220/0007932301870197

DO - 10.5220/0007932301870197

M3 - Conference paper

VL - 2: SECRYPT

SP - 187

EP - 197

BT - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications

PB - SciTePress - Science and Technology Publications

CY - Prague, Czech Republic

T2 - 16th International Joint Conference on e-Business and Telecommunications

Y2 - 26 July 2019 through 28 July 2019

ER -

Prying CoW: Inferring Secrets Across Virtual Machine Boundaries

Abstract

Konferenz

Zugriff auf Dokument

Fingerprint

Projekte

A-SIT - Zentrum für sichere Informationstechnologie Austria

Dieses zitieren