When using shared resources, one is able to modulate data into the usage pattern. This is bad.
The other day i thought a bit on how to extract information from a vault qube.
The first thing that came to my mind:
“If i utilize the CPU in qube A, i may be able to detect that in qube B by measuring the time when qube B is rescheduled. I should be able to transmit information over this channel.”
Sure: The adversary need to have RCE in both qubes, but think big. Think supply chain attack for example.
Before i got to write a POC i used my favorite search engine and sure enough i am not the first to come up with that idea. Here is a POC.
I have not attempted to use this in qubes.
A few questions:
- How does the xen hypervisor schedule? Does scheduling change when load changes? My suspicion: Yes.
- What other side channels could be utilized? caches might be covered by existing mitigation, but maybe RAM or PCI devices?
- What are our mitigations?
Things anybody can do now:
Pause critical qubes like password vaults when not in use.
I cannot think of one solution that would fit all without impacting performance in an extreme way, so maybe the best approach would be to monitor ressource usage of domUs and try to detect patterns.
If the attacker cranks down SNR to avoid detection this would make the attack much harder to detect, but take much longer. This might be a worthwhile thing to explore in addition to pausing. May also detect something like Rowhammer.
What are your thoughts on this?