Virtual machine used to steal crypto keys from other VM on same server

By Dan Goodin Ars Technica Nov 6 2012
Piercing a key defense found in cloud environments such as Amazon’s EC2
service, scientists have devised a virtual machine that can extract
private cryptographic keys stored on a separate virtual machine when it
resides on the same piece of hardware.
The technique, unveiled in a research paper published by computer
scientists from the University of North Carolina, the University of
Wisconsin, and RSA Laboratories, took several hours to recover the
private key for a 4096-bit ElGamal-generated public key using the
libgcrypt v.1.5.0 cryptographic library. The attack relied on
“side-channel analysis,” in which attackers crack a private key by
studying the electromagnetic emanations, data caches, or other
manifestations of the targeted cryptographic system.
One of the chief selling points of virtual machines is their ability to
run a variety of tasks on a single computer rather than relying on a
separate machine to run each one. Adding to the allure, engineers have
long praised the ability of virtual machines to isolate separate tasks,
so one can’t eavesdrop or tamper with the other. Relying on fine-grained
access control mechanisms that allow each task to run in its own secure
environment, virtual machines have long been considered a safer
alternative for cloud services that cater to the rigorous security
requirements of multiple customers.
“In this paper, we present the development and application of a cross-VM
side-channel attack in exactly such an environment,” the scientists
wrote. “Like many attacks before, ours is an access-driven attack in
which the attacker VM alternates execution with the victim VM and
leverages processor caches to observe behavior of the victim.”
[…]
http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-machine/