Fine grain Cross-VM Attacks on Xen and VMware (AES)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Apr 23 09:19:30 PDT 2014


Griffin Boyce <griffin at cryptolab.net> writes:

>'AES in a number of popular cryptographic libraries including OpenSSL, PolarSSL
>and Libgcrypt are vulnerable to Bernstein’s correlation attack when run in
>Xen and VMware virtual machines, the most popular VMs used by cloud service
>providers.'

That's just another proof of the inverse of Law #1 of the 10 Immutable Laws of
Security, "If a bad guy can persuade you to run his program on your computer,
it’s not your computer any more".  The inverse is the Immutable Law of Cloud
Computing Security, "If a bad guy can persuade you to run your program on his
computer, it’s not your program any more".

Peter.


