Slashdot Mirror
Using Memory Errors to Attack a Virtual Machine
gillus writes "A very cool scientific paper from Appel and Govindavajhala that explains how virtual machines like java or .Net can be exploited. How? Quite simple, bomb your DRAM chip with X-rays... or more simply with 50-watt spotlight, as the authors demonstrate. Definitively worth a read!"
Funny to see this here -- I (and Sun) know all too well about this phenomenon, but I am bound to relative secrecy by NDA.
./!
So, I can't share my team's research results that clearly show that this is a bigger problem than most raders probably realize. Nor can I share the steps (advanced ECC, logic-BIST, etc) we're taking to prevent this before it gets well-known enough to be a problem.
But I can say: this is indeed a scoop, way to go
everything in moderation
If we have physical access or full system access why not just change the JVM code letting us do whatever we want? and if u just wanna stop it and you have full privildges why not just shut the system down? and if we got physical access why not just pull the power plug? This would be usefull if it didn't need full access or physical access.
There's nothing stopping you from accessing smartcards if you are determined enough and don't care about the physical state of the chip afterwards, just look at the guy who broke MS's xbox code, one of the steps he used was to etch away the chip covering to get at the actual chip. Now this attack may work better if you are a spy who wants to steal an access card, get the data off and return the card, but for most attacks the brute force method works almost as well.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
If the air conditioner went out at midnight, most system administrators wouldn't know until the morning.
I used to be a narrator for bad mimes. (wright)
Just a guess, but I have sure had my share of EMI and radiation induced problems.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
Page 7, Paragraph 3:
"To attack machines without physical access, the attacker can rely on natural memory errors."
This paper showed some means an attacker could physically cause a memory error, but it never said that such intervention was required to stage the attack. My guess is that this would be most useful with those "low load" ram chips that ran on slashdot a while back.
Anybody remember the User Mode Linux VM escape exploit?
Seems more elegant than nuking your machine.
At DefCon X, Gobbles announced a simmiler vulnerability in vmware, though no exploit or advisory has been released so far. For anyone that assumes they're just fear mongering, They also announced the zero day apache bug there, which I'm sure you all remember.
Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
Didn't you notice that the talks/ directory serves a page which is:
"
HTML composed using mozilla 0.9.9 on a Redhat Linux 8.0 machine. Best viewed in any browser
"
So _obviously_ the guy's interested in making sure that _everyone_ can read his work. It's just a shame that he seemed to forget that when writing up all his work. Duh!
Anyway, the Powerpoint file viewer that I use under linux is called "strings". Amazingly it sometimes even works!
YAW.
Your head of state is a corrupt weasel, I hope you're happy.
Um... no. The paper states that if a single-bit error can be induced, then the probability that this single-bit error will then allow the exploiting program to execute arbirary code (as opposed to causing the OS or the VM to crash, etc) is 70%.
So, keep in mind that there are two components to this exploit: 1) writing a program that takes advantage of single-bit errors to execute arbitrary code, and 2) wait for cosmic rays or direct some radiation yourself at the hardware to induce soft errors. The effectiveness depends largely on how quickly/reliably you can induce such errors w/out crashing the machine in the process.
Maybe the techniques for programming the exploit program described here are well known to more experienced programmers, but I found the article extremely interesting and enlightening. I've been taught for years about the superiority of Java's type system as a security measure, and I know that a lot of theoretical work and proofs have been done to show that Java's type system is secure, but this exploit manages to get around the type safety with such a simple trick that I'm kicking myself for not having seen it myself. It's almost elegant, the way they get it done.
One time on holiday with my cousins, we got the electric gas lighter for the cooker (makes a spark to light the gas, hand held) and brought it to the local arcade.
:)
By removing the top off it we would zap all the screws on the machines until something happened.
Battlezone seemed to give us loads of free games
"One commodore 64 demo program (just a few POKE statements)..."
h ackers /1/1505.html
You're not thinking of the Commodore PET "urban legend" are you?
C64 != PET. PET != C64. Don't let the big long "Commodore" word confuse you.
For more info on the blow-up-your-PET story, try:
http://www.softwolves.pp.se/misc/arkiv/cbm-
YAW.
Your head of state is a corrupt weasel, I hope you're happy.
Sorry, I am used to seeing regular static memory chips marketed as being "smart cards", I did not realize that there was an actual secure version of the things. Buzzwords got to me. ^_^
Any encryption can still be broken through though brute force.
Hmm, from the first site you linked to;
----http://smartcard.nist.gov/faq.html
Yah, and we all know how secure those are! Yup, DSS security has never been bypassed once!
Need help treating your acne? Come here!
This is good stuff. Although the experiment used physical access to stress the memory, the theory could be used as an exploit in real situations in ways that the narrow of mind (like me) cannot conceive.
Perhaps this is not a method of practical attack on a machine. But it may be just a matter of creative thinking.
The key take away is to not disallow the possiblity.
Threats you discard as harmless is a logical place for an attacker to begin. Remeber the Maginot line.
I expect posters to not read the article (well, ppt), but even the submitter didn't read it?
The article does mention x-rays, saying "not enough energy to change a DRAM capacitor." Yet everyone talks about x-rays...
I found the phrase from the article "screw driver to remove hard drive" amusing when I first read it. Then I realized they meant "screwdriver". I thought initially they were referring to a DOS attack by corrupting the device driver!
>What you really need for a physically secure device is an IBM 4758 CryptoCard.. of course, for it to be useful, you need it protected against key recovery attacks.
That card still isn't invulnerable against being picked apart by electron scannining micrographs and other handy (expensive) physical analysis.
You might consider this impractical, but this is exactly how certain digital TV services in Europe has competed, by hacking each other's cards at any expense.
The only true way to have a secure system is to make it two way, or use a one time pad. That way they need to break into the uplink facility as well as into a consumer receiver...
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
If that doesn't work, Adobe has an online converter you can use to view the pdf as html.
It is often questioned on this site as to why spacecraft do not use the latest/greatest computing equipment available. It is because the flight-capable designs have proven themselves tolerant of harsh environments, including alpha/beta/X radiation. (And other things, like low power consumption, heat generation, etc.)
It would be nice to know that a smart card with all of my personal information could survive the places my wallet has been. I need quad redundancy and forward error correction in my pocket!
Ahhh, now that brings back memories! Core Wars... a game in which computer programs are purposely designed to destroy one another. Also, unsurprisingly, a lot of the earliest core wars "servers" were just havens for a LOT of the earliest generations of virus writers.
Too bad the trend started to eventually become "crack a computer somewhere and play Core on it, cause it's easier than setting up and securing your own box every time." Whoever was able to infect the target to the greatest effect (without fatally crashing it) "won".
There were even a few (usually pretty lame) attempts at playing on internal networks using network oriented exploit and breeder packages. However, two or three of the somewhat nastier (but really obvious and easy to eradicate) unix virii strains came from those sessions, iirc...
OTP is mathematically 100% secure, but not practically.
A couple of these problems are constant no matter what type of cypher you use, but some of them are solved by other forms of encryption; but they fit the opposite criteria: they are not mathmatically 100% secure, but they can be practically secure.
NO CARRIER
at least you did not do the Power/ENergy thing this time
:)
... there's some interesting research coming out. Nobody knows if it'll lead to an attack.
Make one little mistake, they never let you forget it.
Just an interesting question: That number you used to indicate the minimum amount of energy to flip (or reset) a bit. Any references on that?
Sure. The Boltzmann Constant, 1.38 * 10**-23 joules per Kelvin, is the fundamental relationship between temperature and energy. You can think of it as, "this is a quanta of energy at a given temperature". (It's not, and physics majors the world over are now marching on my house with pitchforks and torches. But I don't have time to explain fully.) So if you're running your computer at 3.2K, the ambient temperature of the universe, you can think of the minimum energy as being 4.4 * 10**-23 J. (I may have listed it earlier as 4.4 * 10**-26 J; if I did, I was misremembering the Boltzmann constant.)
So your chips require a certain amount of energy to set each bit (really, to erase information in each bit--but that's splitting hairs at this point), and that energy can't be below 4.4 * 10**-23 joules.
(Yes, you could drop the temperature of the computer to a few nanokelvins, and thus drop the energy required to set the bits... but then you'd have to supply extra energy to run the heat pump, bringing the total cost back up.)
what is your opinion on the security of AES, in particular of Rijndael in comparison to Blowfish and Serpent?
First, my cryptanalysis is rusty: I know enough to follow the papers, but I'm absolutely not on the cutting-edge of research. That said, I'm not especially fond of any of the AES candidates, not at this point in time. AES/Rijndael looks good, but it doesn't have much safety margin in it. Already we're seeing cryptanalytic results against it--I'm not going to say attacks, but
I don't know enough about Serpent to make an informed statement about the cryptanalytic results against it. I stopped following Serpent after Rijndael was selected for AES. I vaguely recall some of the latest AES research also applies to Serpent, but... check that one before you rely on it.
Re: Blowfish... I'm damn fond of the fish. It's been out for just a little under a decade, with no significant cryptanalytic results to it. With just a few equivocations, I'd actually recommend it above 3DES. 3DES has a much longer history of turning brilliant cryptanalysts into burned-out alcoholic wrecks, but... DES is a very complex algorithm. It's so complex that it's damnably hard to implement DES right. (I know; I've had to code 3DES on multiple occasions. I've put coworkers on notice that I refuse to do it again.) But Blowfish is extremely sexy, so much so that it can be succinctly described in about 50 lines of LISP. So on the grounds that Blowfish has an impressive cryptanalytic record, and is far simpler to implement correctly... I'd actually recommend Blowfish as my favorite cipher today.