Fine grain Cross-VM Attacks on Xen and VMware (AES)
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Apr 23 09:19:30 PDT 2014
Griffin Boyce <griffin at cryptolab.net> writes:
>'AES in a number popular cryptographic libraries including OpenSSL, PolarSSL
>and Libgcrypt are vulnerable to Bernstein’s correlation attack when run in
>Xen and VMware virtual machines, the most popular VMs used by cloud service
>providers.'
That's just another proof of the inverse of Law #1 of the 10 Immutable Laws of
Security, "If a bad guy can persuade you to run his program on your computer,
it’s not your computer any more". The inverse is the Immutable Law of Cloud
Computing Security, "If a bad guy can persuade you to run your program on his
computer, it’s not your program any more".
Peter.
More information about the cypherpunks
mailing list