Computer scientists at the University of North Carolina have constructed (pdf) a system whereby a malicious virtual machine is used in a so-called access-driven side-channel attack for the first time.
Running on the Xen hypervisor, the attack succeeded in extracting an ElGamal decryption key from a victim virtual machine using the most recent version of the libgcrypt cryptographic library, the researchers wrote.
It undermines hitherto assumed strong isolation guarantees for VMs on public cloud systems such as Amazon EC2, Microsoft Azure and Rackspace, as well as military multi-level security environments and virtualised enterprise and home desktops.
Traditional access control mechanisms in virtual machine managers that enforce logical isolations between virtual machines many not be sufficient if attackers can circumvent these in side-channel attacks, the researchers said.
The attack, which is described as "difficult" by the researchers only works when both the victim and malicious virtual machines are running on the same physical hardware.
It is the first demonstration of a side-channel analysis attack on a virtualised, symmetrical multi-processing server and allowed the researchers to glean enough cryptographic square and multiply operation fragments from the target to deduce the ElGamal encryption key over several hours.
More practical variants of the side-channel virtual machine attack are expected to become possible after the researchers' succesful demonstration.
To mitigate against attacks like the above, the researchers suggest not siting sensitive virtual machines on the same hardware and instead "air-gap" using separate computers.
Algorithms resistant to side-channel attacks are also proposed by the researchers, as well as changes to the scheduling in virtual machine managers to prevent attack virtual machines from accessing the data caches on target virtual machines.
