Memory deduplication opens a side-channel that enables attackers to detect if there is a second copy of a memory page on a host their Virtual Machine (VM) is running on, and thus to gain information about co-resident VMs. In former work, we presented a practical side-channel attack that can even detect which specific versions of applications are being executed in co-resident VMs. In this paper, we enhance this attack by testing for representative groups of pages for certain groups of application versions, so-called page signatures, instead of testing for a single application version only. As a result, our new attack is significantly more efficient. Our results indicate that the attack duration can be reduced from several hours to minutes at the cost of a small loss in precision only.
CITATION STYLE
Lindemann, J., & Fischer, M. (2018). Efficient identification of applications in co-resident vms via a memory side-channel. In IFIP Advances in Information and Communication Technology (Vol. 529, pp. 245–259). Springer. https://doi.org/10.1007/978-3-319-99828-2_18
Mendeley helps you to discover research relevant for your work.