[libvirt] memory-ballooning side-channel attack

bancfc at openmailbox.org bancfc at openmailbox.org
Sun Jan 8 18:12:33 UTC 2017


On 2016-12-27 03:51, bancfc at openmailbox.org wrote:
> Hello and Happy Holidays,
> 
> In the past few years many serious attacks against the memory
> deduplication (KSM) feature of all hypervisors have been shown. [1]
> Even allowing attackers to modify/steal APT keys and source lists on
> the host. [2] Since it's not enabled by default the fallout is
> relatively low and easily mitigated.
> 
> New side-channel attacks against memory-balloon enabled VMs are
> beginning to surface. Please consider documenting this and disabling
> this feature for newly created VMs to have safe defaults.
> 
> [1] https://staff.aist.go.jp/c.artho/papers/EuroSec2011-suzaki.pdf
> [2]
> https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
> [3] http://ieeexplore.ieee.org/document/7562068/
> 
> *Hint: If you can't see the IEEE paper use sci-hub.

Bumping. I realized I posted this in the holiday season when it was easily 
missed.
