Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core

DEF CON 23

Presented by: Etienne Martineau
Date: Sunday August 09, 2015
Time: 14:00 - 14:50
Location: Track One

On x86 multi-core, covert channels between co-located Virtual Machines (VMs) are real and practical, thanks to an architecture that has many imperfections in the way shared resources are isolated.

This talk will demonstrate how a non-privileged application in one VM can exfiltrate data, or even establish a reverse shell, into a co-located VM using a cache timing covert channel that is totally hidden from the standard access control mechanisms, while still offering a surprisingly high bit rate at a low error rate.

In this talk you'll learn about the various concepts, techniques and challenges involved in the design of a cache timing covert channel on x86 multi-core, such as:

- An overview of some of the x86 shared resources and how we can use / abuse them to carry information across VMs.
- The fundamental concept behind cache line encoding / decoding.
- Getting around the hardware pre-fetching logic (without disabling it from the BIOS!).
- Data persistency and noise. What can be done?
- Guest to host page table de-obfuscation. The easy way.
- Phase-Locked Loop and high precision inter-VM synchronization.
- All about timers.

Etienne Martineau
