Virtual Machine Security Melts In the Heat of Attack

Sudhakar Govindavajhala and Andrew W. Appel presented a paper at the 2003 IEEE Symposium on Security and Privacy that demonstrates a method of defeating the security of virtual machine products such as Microsoft Virtual Machine (VM), as well as Sun and IBM Java VMs. By using nothing more than a heat lamp, the men discovered that they could flip bits in memory chips, thereby causing their own untrusted code to run within the VM.

In the paper, the men point out that it's well known that heat can cause electronic equipment to fail. For example, excessive heat can cause memory-chip errors, which the team relied on to defeat VM security. The team focused heat from a heat lamp on the memory chips to generate errors that resulted in flipped bits. The pair stated in their paper that, "We show that when the attacker is allowed to provide the program to be executed, he can design a program such that a single-bit error in the process address space gives him a 70% probability of completely taking over the JVM to execute arbitrary code."

Govindavajhala said that this sort of heat-based attack presents a real risk. "On 13 March, I had a conference call with 6 smart card developers wondering if the attack is applicable to their product ... The scenarios people are thinking of are [for example] a bank putting some money on the card and digital-signing [the card content]. Imagine the incentive the user has to break the card. While smart cards are rarely used in the United States, I believe that smart cards are much more common in Europe," he said. Govindavajhala also wonders how this sort of bit-flipping attack might affect Microsoft's proposed Palladium architecture. He said he'll check into that possibility.

The men recommend using memory chips that support error-correction code (ECC) to help stop attacks that are targeted at memory banks. But that's not enough protection because errors could be introduced anywhere on a data bus. You should also use processors that incorporate ECC technology, along with software-based error logging and some sort of response mechanism that reacts to unusual error patterns.
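The software-based error logging and response described above could look like the following sketch, which is an added example and not code from the paper or any vendor. It assumes the platform exposes cumulative corrected and uncorrectable ECC error counters that are sampled periodically; the `Reading` format, the window and the threshold are hypothetical, and a sudden burst of corrected errors is taken as the "unusual pattern".

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Reading:
    t: int            # seconds since monitoring started
    corrected: int    # cumulative corrected (single-bit) ECC errors
    uncorrected: int  # cumulative uncorrectable ECC errors

def detect(readings, window=600, max_corrected=5):
    """Return (time, reason) alerts for unusual ECC error patterns."""
    alerts, recent, prev = [], deque(), None
    for r in readings:
        if prev is not None:
            if r.corrected < prev.corrected or r.uncorrected < prev.uncorrected:
                # Counters went backwards: reboot or cleared log, worth a look.
                alerts.append((r.t, "counter-reset"))
                recent.clear()
            else:
                if r.uncorrected > prev.uncorrected:
                    # ECC could not repair the word; always escalate.
                    alerts.append((r.t, "uncorrectable"))
                delta = r.corrected - prev.corrected
                if delta:
                    recent.append((r.t, delta))
        prev = r
        # Forget corrected errors that fell out of the sliding window.
        while recent and recent[0][0] <= r.t - window:
            recent.popleft()
        if sum(d for _, d in recent) > max_corrected:
            # Many corrections in a short time is not normal background noise.
            alerts.append((r.t, "corrected-burst"))
            recent.clear()
    return alerts

# Constructed sample: quiet period, a burst, an uncorrectable error, a reset.
SAMPLE = [Reading(0, 0, 0), Reading(300, 1, 0), Reading(3900, 2, 0),
          Reading(4200, 5, 0), Reading(4500, 9, 0), Reading(4800, 9, 1),
          Reading(5100, 0, 0)]

if __name__ == "__main__":
    for when, reason in detect(SAMPLE):
        print(f"t={when}s alert={reason}")
```

In a deployment, the response to an alert (halting the VM, refusing untrusted code, paging an operator) is a policy decision outside this sketch.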
