[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fine grain Cross-VM Attacks on Xen and VMware (AES)



Griffin Boyce <[email protected]> writes:

>'AES in a number popular cryptographic libraries including OpenSSL, PolarSSL
>and Libgcrypt are vulnerable to Bernsteinâ??s correlation attack when run in
>Xen and VMware virtual machines, the most popular VMs used by cloud service
>providers.'

That's just another proof of the inverse of Law #1 of the 10 Immutable Laws of
Security, "If a bad guy can persuade you to run his program on your computer,
itâ??s not your computer any more".  The inverse is the Immutable Law of Cloud
Computing Security, "If a bad guy can persuade you to run your program on his
computer, itâ??s not your program any more".

Peter.