1. resource sharing among distrusful customers
cross VM side-channels attack
proof-of-concept attack: attacker and victim sharing the same core, attacker try to wake-up as frequently as possible, fill the instruction cache, let the victim run (which use a portion of cache), then wakeup again and measure the performance of previousely cached data. (so that how victim uses cache is learned). This could enable you to learn the secret key of the victim
For multi-core attacking: force shedular to re-schedular frequenctly, so you end up getting the same core with the victim a lot
DNA reassemble technique used to go from partial, noised secret key to complete secrete key
2. pricing of fine-grained sources
performance variies with different type of cpus, and network performance vary too, so not very predictable.
either predictable but low performance, or high but unpredictable performance
loss comes from workload contention (Zen does good job in cpu performance isolation, but so greate for memory, disk or network. but not much Zen can do anyway)
thus uniform of abstraction fails
and attackers have opportunities to interfere with other's workload
a. placement gaming:
start multiple instances and shut the ones which perform worse
when seeing bad performance, just shut the vm and launch a new one
b. resource freeing attack:
attacker and victim both run apache on the same physical machine, and both want more bandwidth
attacker could request a lot of dynamic pages from the victim, which is cpu intensive, and when the victim is busy processing these requests, bandwidth is free for the attacker to use
没有评论:
发表评论