Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Memory Errors to Attack a Virtual Machine

Posted by michael on from the no-one-is-safe dept.

gillus writes "A very cool scientific paper from Appel and Govindavajhala that explains how virtual machines like java or .Net can be exploited. How? Quite simple, bomb your DRAM chip with X-rays... or more simply with 50-watt spotlight, as the authors demonstrate. Definitively worth a read!"

8 of 247 comments (clear)

  1. Re:This just in! by smallpaul · · Score: 5, Informative

    Reports are sketchy at present, but we're being led to believe that it's easy to compromise a machine to which you have physical access!

    Bet you didn't even read the abstract. Here's the relevant bit:

    Our attack is particularly relevant against smart cards or tamper-resistant computers, where the user has physical access (to the outside of the computer) and can use various means to induce faults; we have successfully used heat.

  2. Secrecy my arse. by Gordonjcp · · Score: 4, Informative
    It's been known for a *very, very* long time that semiconductors are light sensitive. It's been known for a reasonably long time that the tiny capacitors that make up dynamic RAM are very sensitive to light. In fact, there was a project in Byte magazine in the late 1970s that used a 4116 DRAM chip with the top cut off as a black-and-white CCD camera. It worked remarkably well.


    Using bit errors to flake out machines, where there is no parity or other error checking, is very far removed from "secret tinfoil hat" stuff. Why do you think chips are packed in black epoxy?

  3. Re:*.ppt by metlin · · Score: 4, Informative

    A non-animated PDF version here.

    Link is valid for 7 days :-)

  4. Re:This just in! by arvindn · · Score: 4, Informative
    If somebody intent on breaking through the smart card's security has access to the smart card, then sooner or later the security WILL be broken.
    Get a clue. The whole point of a smart card is to keep the data safe even in the event of physical tampering. For this purpose, the processor of a smart card is enclosed in a black box which will chemically self-destruct if you try to tamper with it. Much research on smart cards goes into ensuring that security can not be broken in spite of physical access.

    Some pointers:

  5. Re:This just in! by Large+Green+Mallard · · Score: 3, Informative

    Smart Cards will protect themselves to some extent, but the oft quoted voltage draw analysys is something they can't protect against..

    What you really need for a physically secure device is an IBM 4758 CryptoCard.. of course, for it to be useful, you need it protected against key recovery attacks.

  6. Re:This just in... by BusterB · · Score: 3, Informative

    In a color TV, there are three types of phosphors, red, green and blue. The electron guns (or gun in a trinitron) must be aligned so that they hit the correct phosphors. Otherwise, the colors look off. The guns are typically aligned with an appeture mask or grille, which snaps the electron streams into place above their respective phosphors.

    A black-and-white TV has only one type of phosphor, so it is not as important that the electron streams hit the correct, absolute position on the screen. The screen is uniformly coated, and I don't believe there is an appeture screen on these types of screens.

    So, what happens when you hold a magnet to the screen? For one, you deflect the electron streams, so you get a temporarily distorted image, and the colors are off because the electron streams are pointing to the wrong phosphors. With B/W, it just doesn't matter; a phosphor is a phosphor.

    Additionally, a powerful magnet can permanently distort or magnetize the metal appeture mask/grille, causing permanent damage the the screen's ability to align electron streams to the appropriate phosphors.

    And that's it. I may have misspelled appeture. Oh well.

  7. Re:End of Slashdot by zulux · · Score: 3, Informative


    Just to infoome people who may not know:

    The file loads just fine in OpenOffice.

    OpenOffice is available free (beer and speech) at OpenOffice.org for Windows, Linux, MAC OS X, FreeBSD and Solaris.

    I'm sure Apple's Keynote works as well.

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  8. Re:This just in! by rjh · · Score: 4, Informative

    Any encryption can still be broken through though brute force

    <sigh> You know, I answered just this same question yesterday... </sigh>

    As a thermodynamic minimum it takes 4.4 * 10**-26 joules to set a bit. (Well, it takes that much to erase one bit of information. But that's quibbling.) So multiply that by 256, for the number of bits in an AES key, and you get 1.1 * 10**-23 joules to store a key.

    Now multiply this by 2**255, which is the number of AES keys you'd have to try to break it by brute force (on average). You get 6.4 * 10**53 joules of energy needed.

    The total annual energy output of the Sun is on the order of 10**34 joules. Multiply that by 10**10 to compute the total energy release over the Sun's entire lifespan (yes, this is a nasty kludge of an estimate, I know the Sun's energy output varies) and you get 10**44 joules of energy.

    Which means you've only exhausted one billionth of the damn keyspace.

    No, you can't break any encryption through brute force. There just isn't enough energy in the universe to do it, even positing thermodynamically-perfect computers operating at 3.2K.