Using Memory Errors to Attack a Virtual Machine
gillus writes "A very cool scientific paper from Appel and Govindavajhala that explains how virtual machines like Java or .NET can be exploited. How? Quite simple: bomb your DRAM chip with X-rays... or, more simply, with a 50-watt spotlight, as the authors demonstrate. Definitely worth a read!"
This just in! (Score:4, Funny)
Film at 11.
Re:This just in! (Score:5, Informative)
Reports are sketchy at present, but we're being led to believe that it's easy to compromise a machine to which you have physical access!
Bet you didn't even read the abstract. Here's the relevant bit:
Our attack is particularly relevant against smart cards or tamper-resistant computers, where the user has physical access (to the outside of the computer) and can use various means to induce faults; we have successfully used heat.
Re:This just in! (Score:3, Insightful)
If somebody intent on breaking through the smart card's security has access to the smart card, then sooner or later the security WILL be broken. Encrypting data is NOT a foolproof way to keep things safe, though having the security measures last a dozen or so years IS a rather s
Re:This just in! (Score:5, Informative)
Some pointers:
Re:This just in! (Score:3, Interesting)
Sorry, I am used to seeing regular static memory chips marketed as being "smart cards", I did not realize that there was an actual secure version of t
Brute force (Score:5, Insightful)
And any literary work can be obtained with an infinite number of monkeys sitting at an infinite number of typewriters for an infinitely long period of time.
Most serious ciphers attacked using brute force with contemporary technology will probably hold out until the universe's heat death. Not to mention the fact that some experts claim that there simply is not enough energy in the universe to cycle a 128-bit counter through all its states, let alone perform any computations.
Re:Brute force (Score:2, Informative)
Not that it's terribly useful. A 256-bit key would require that you perform the same feat (2**128) times, which I doubt will happen.
Re:Brute force (Score:2)
Also one monkey at one typewriter given an infinite amount of time will also produce all literary works.
Quantum computers are somewhat like the first example, where today's technology is basically like the second.
Re:This just in! (Score:5, Insightful)
Any encryption can still be broken through though brute force.
This is simply not true. One-time pads are 100% unbreakable, and they will always be unbreakable (at least mathematically speaking), no matter how sophisticated technology gets in the future. For those who are unfamiliar with the concept, a one-time pad is a cryptographically random string of 1's and 0's, which is at least as long as the message itself. Two parties have a secure channel in which to exchange these pads; for example, if Alice and Bob wish to use one-time pads, Alice can generate a list of 10,000 cryptographically random strings, put them in a suitcase that is handcuffed to her wrist, and deliver them to Bob in person. Bob and Alice then have a set of one-time pads that they can use for all future communication. Each time they encrypt a message with one of the pads, they discard the pad and never use it again. Because the pad is at least the length of any messages they might pass back and forth, there is no way to analyze the encrypted message for patterns. It is mathematically impossible. You could easily come up with strings of 1's and 0's that would "decrypt" the message into anything, be it passages from the Bible, or Ogg Vorbis-encoded music. You would have no idea which set of 1's and 0's produced the actual original message. This is truly unbreakable encryption on a mathematical level.
Most companies claiming that their encryption is "unbreakable" are using one-time pads; the problem is reduced to finding a secure channel of communications in which to transmit those pads. This is usually not a feasible assumption, which is why we all prefer using, for example, Diffie-Hellman key exchange, which depends on the difficulty of math involving discrete logarithms. The encryption we now use is breakable, but it is hard enough to break that it is generally considered secure.
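The three properties the post describes (the pad inverts itself, any same-length plaintext is consistent with a given ciphertext, and a pad must never be reused) can be checked in a few lines. The following is an added example, not code from the post or the paper; the pad bytes and messages are constructed for the demonstration, and a real pad would have to come from a cryptographically random source.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* One-time pad: ciphertext = plaintext XOR pad, byte by byte.
 * The same routine decrypts, because XOR is its own inverse. */
void otp_xor(const uint8_t *in, const uint8_t *pad, uint8_t *out, size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ pad[i];
}

/* Given a ciphertext and ANY plaintext of the same length, compute the pad
 * that would "decrypt" the ciphertext to that plaintext. This is the post's
 * point: without the real pad, every candidate plaintext is equally
 * consistent with the ciphertext, so the ciphertext reveals nothing. */
void otp_forge_pad(const uint8_t *ct, const uint8_t *wanted, uint8_t *pad_out, size_t len)
{
    for (size_t i = 0; i < len; i++)
        pad_out[i] = ct[i] ^ wanted[i];
}

/* Why a pad must be discarded after one use: two ciphertexts made with the
 * same pad XOR together to plaintext1 XOR plaintext2; the pad cancels out
 * and the relationship between the two messages leaks. */
void otp_reuse_leak(const uint8_t *ct1, const uint8_t *ct2, uint8_t *out, size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = ct1[i] ^ ct2[i];
}

/* Constructed demonstration pad (NOT random, for illustration only). */
#define MSG_LEN 14
static const uint8_t DEMO_PAD[MSG_LEN] = {
    0x3a, 0xc1, 0x07, 0x9e, 0x55, 0xf2, 0x68, 0x0b, 0xd4, 0x21, 0x8f, 0x73, 0xe6, 0x4c
};

/* Returns 1 if (a) the real pad recovers the message, (b) a forged pad makes
 * the same ciphertext "decrypt" to a different message of the same length,
 * and (c) reusing the pad leaks msg1 XOR msg2. Returns 0 otherwise. */
int otp_demo(void)
{
    const uint8_t *msg1 = (const uint8_t *)"ATTACK AT DAWN";  /* 14 bytes, constructed */
    const uint8_t *msg2 = (const uint8_t *)"RETREAT AT SIX";  /* 14 bytes, constructed */
    uint8_t ct1[MSG_LEN], ct2[MSG_LEN], dec[MSG_LEN];
    uint8_t forged[MSG_LEN], leak[MSG_LEN], expected[MSG_LEN];

    otp_xor(msg1, DEMO_PAD, ct1, MSG_LEN);
    otp_xor(ct1, DEMO_PAD, dec, MSG_LEN);
    if (memcmp(dec, msg1, MSG_LEN) != 0) return 0;           /* (a) */

    otp_forge_pad(ct1, msg2, forged, MSG_LEN);
    otp_xor(ct1, forged, dec, MSG_LEN);
    if (memcmp(dec, msg2, MSG_LEN) != 0) return 0;           /* (b) */

    otp_xor(msg2, DEMO_PAD, ct2, MSG_LEN);                   /* pad reused: the mistake */
    otp_reuse_leak(ct1, ct2, leak, MSG_LEN);
    for (size_t i = 0; i < MSG_LEN; i++) expected[i] = msg1[i] ^ msg2[i];
    if (memcmp(leak, expected, MSG_LEN) != 0) return 0;      /* (c) */
    return 1;
}

int main(void)
{
    printf("one-time pad properties hold: %s\n", otp_demo() ? "yes" : "no");
    return 0;
}
```

The forged pad in step (b) is exactly why the ciphertext alone carries no information: an attacker holding only the ciphertext can construct a pad for any plaintext of that length, and none is more plausible than another. Step (c) is the reason the post insists each pad be used once and then discarded.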
Re:This just in! (Score:2)
Re:This just in! (Score:3, Interesting)
OTP is mathematically 100% secure, but not practically.
Re:This just in! (Score:2, Insightful)
And most of these snake oil salesmen are using algorithmic "random" number generation. There are two delicate parts to one-time pads: distributing the pad, and your pad generation.
Re:This just in! (Score:5, Informative)
<sigh> You know, I answered just this same question yesterday... </sigh>
As a thermodynamic minimum it takes 4.4 * 10**-26 joules to set a bit. (Well, it takes that much to erase one bit of information. But that's quibbling.) So multiply that by 256, for the number of bits in an AES key, and you get 1.1 * 10**-23 joules to store a key.
Now multiply this by 2**255, which is the number of AES keys you'd have to try to break it by brute force (on average). You get 6.4 * 10**53 joules of energy needed.
The total annual energy output of the Sun is on the order of 10**34 joules. Multiply that by 10**10 to compute the total energy release over the Sun's entire lifespan (yes, this is a nasty kludge of an estimate, I know the Sun's energy output varies) and you get 10**44 joules of energy.
Which means you've only exhausted one billionth of the damn keyspace.
No, you can't break any encryption through brute force. There just isn't enough energy in the universe to do it, even positing thermodynamically-perfect computers operating at 3.2K.
Re:This just in! (Score:2)
Very cool argument though. I have never heard it before your previous posting. Just an interesting question: That number you used to indicate the minimum amount of energy to flip (or reset) a bit. Any references on that? I am not a big expert on Thermodynamics, but why is there a minimum energy involved?
Oh, and since you seem to be the resident expert, what is your opinion on the security of AES, in particular of Rijndael in comparison to Bl
Re:This just in! (Score:3, Interesting)
Make one little mistake, they never let you forget it.
Just an interesting question: That number you used to indicate the minimum amount of energy to flip (or reset) a bit. Any references on that?
Sure. The Boltzmann Constant, 1.38 * 10**-23 joules per Kelvin, is the fundamental relationship between temperature and energy. You can think of it as, "this is a quantum of energy at a given temperature". (It's not, and physics majors the world over
Re:This just in! (Score:4, Informative)
What you really need for a physically secure device is an IBM 4758 CryptoCard [ibm.com]. Of course, for it to be useful, you need it protected against key recovery attacks. [slashdot.org]
Re:This just in! (Score:2, Interesting)
That card still isn't invulnerable against being picked apart by electron scanning micrographs and other handy (expensive) physical analysis.
You might consider this impractical, but this is exactly how certain digital TV services in Europe have competed, by hacking each other's cards at any expense.
The only true way to have a secure system
Re:This just in! (Score:3, Insightful)
Re:This just in! (Score:2)
Re:This just in! (Score:2)
This is similar to the concept of sending junk data over your encrypted channel when it's not in use, to foil traffic analysis.
Re:This just in! (Score:4, Interesting)
Just a guess, but I have sure had my share of EMI and radiation induced problems.
Re:This just in! (Score:4, Insightful)
So if I can break a smart card even if it does not run any of my [untrusted] code, who cares about an attack on a smart card that allows it to run untrusted code? Besides, I've never seen any smartcard that actually does this stupid thing.
A better target for attack may be a server at a nuclear reactor facility that has a naturally high rate of memory failures :)
Re:This just in! (Score:2)
Well, there are already many error-induction attacks against smart cards (some references in the article) that don't involve a JVM running untrusted code.
Great. How do you take advantage of them? The published hack allows you to take over the security manager of the VM and become essentially "god" on the smartcard. So on the one hand you could induce an error on the card to invalidate the money on it (useless) or on the other hand you could induce an error that allows you to do anything you want, includi
Re:This just in! (Score:2)
Good for you. If they exist (they do) and they are being promoted/advertised (they are) then their security considerations are relevant.
I would like to see a reference. I saw a couple of smart cards that can be programmed in Java (AMEX Blue is one example), but Java is used there just for its portability and simplicity of programming. All Java code-based security features are not used at all (and probably not implemented). I have not heard of and can't imagine any useful application of a smart card that al
Re:This just in! (Score:2)
It would have only taken two minutes of research for you to find it [google.ca] yourself: There are several unique benefits of the Java Card technology, such as: Dynamic- New applications can be installed securely after a card has been issued, providing card issuers with the ability to dynamically respond to their customer's changing needs.
That's how Sun is advertising Java Smart Cards. Personally, I'm glad somebody is investigating their claims.
Re:This just in! (Score:3, Interesting)
"
HTML composed using mozilla 0.9.9 on a Redhat Linux 8.0 machine. Best viewed in any browser
"
So _obviously_ the guy's interested in making sure that _everyone_ can read his work. It's just a shame that he seemed to forget that when writing up all his work. Duh!
Anyway, the Powerpoint file viewer that I use under linux is called "strings". Amazingly it sometimes even works!
YAW.
Re:This just in! (Score:2)
I usually use ppthtml for ppt-files but it's not perfect.
One of my friends has OpenOffice which usually deals pretty well with them.
Re:This just in! (Score:2, Interesting)
Re:This just in! (Score:2, Insightful)
Take a look at core memory. Memory access there, when random, was fine. Go looking continually at one row of cores and bam - your wire heats up. Go continually looking at the one single core (read or write) and it was possible to effectiv
Re:This just in! (Score:3, Interesting)
You're not thinking of the Commodore PET "urban legend" are you?
C64 != PET. PET != C64. Don't let the big long "Commodore" word confuse you.
For more info on the blow-up-your-PET story, try:
http://www.softwolves.pp.se/misc/arkiv/cbm-
YAW.
Re:This just in! (Score:5, Interesting)
"To attack machines without physical access, the attacker can rely on natural memory errors."
This paper showed some means an attacker could physically cause a memory error, but it never said that such intervention was required to stage the attack. My guess is that this would be most useful with those "low load" ram chips that ran on slashdot a while back.
Re:This just in! (Score:2, Funny)
Re:This just in! (Score:2)
How do you get physical access to a virtual machine?
Holy Smokes! (Score:2)
Re:This just in! (Score:3, Redundant)
Well fuck it, I can just get a screwdriver and OPEN the mofo.
It has ALREADY been proven that no matter how hard something is protected / encrypted / etc, given enough time (and resources!) it will ALWAYS be possible to break through whatever protection measures are in the way. The ONLY 100% secure computing environment is a
Well heck, actually there ISN'T one, because even a keyboard going into a big grey lock
Re:This just in! (Score:3, Interesting)
the implications!! (Score:5, Funny)
A quick workaround... (Score:5, Funny)
However, now you get a denial of service attack, but hey, it's better than information disclosure or arbitrary code execution.
*.ppt (Score:2, Redundant)
Open office did a decent job on it though
Re:*.ppt (Score:2)
Re:*.ppt (Score:5, Informative)
Link is valid for 7 days
Re:*.ppt (Score:2, Funny)
Then as soon as I turned on my 50 watt reading lamp to set the atmosphere, it all crashed?
End of Slashdot (Score:5, Funny)
Re:End of Slashdot (Score:5, Funny)
They actually posted a *link* to a *PowerPoint* document in a Slashdot article! Worse yet, no one seems concerned.
No one reads the articles, so they probably didn't even notice. OK, *I* didn't notice.
What's wrong with PowerPoint? (Score:2)
But how would you get the bullet items to fly in from the right and dissolve out from a white to gray using plain text? It's just not possi
Re:End of Slashdot (Score:4, Informative)
Just to inform people who may not know:
The file loads just fine in OpenOffice.
OpenOffice is available free (beer and speech) at OpenOffice.org for Windows, Linux, Mac OS X, FreeBSD and Solaris.
I'm sure Apple's Keynote works as well.
New nifty trick for a hacker book (Score:3, Interesting)
If the air conditioner went out at midnight, most system administrators wouldn't know until the morning.
Re:New nifty trick for a hacker book (Score:2)
Two NSA techs sitting in their underground puzzle palace listening to phone conversations about Al Qaeda's superbowl picks.
"Hey Smith, seems a bit warm, doesn't it?"
Meanwhile, 10000 miles away in a dry cave, Mr. bin Laden revels in victory,
"AHAHAHAHA, DIE FUCKERS, ALLAH OWNS YOUR BITS"
A break (in) from the weather (Score:2)
Re:New nifty trick for a hacker book (Score:2)
I'm reminded of Knuth's quote (Score:5, Insightful)
Re:I'm reminded of Knuth's quote (Score:2)
This just in... (Score:5, Funny)
(There are some things you just never forget from your high school physics lab)
Re:This just in... (Score:2)
Re:This just in... (Score:2)
I think the magnet messes with both but the effects are dramatically different.
For B&W, if the beam hitting a spot is displaced by several pixels, its neighbors will be similarly displaced and only a small bit of overall distortion would be noticed.
Color depends on some rather precise alignments so that the red gun hits the red dots and only the red dots. If the magnet messes with this alignment
Re:This just in... (Score:4, Informative)
A black-and-white TV has only one type of phosphor, so it is not as important that the electron streams hit the correct, absolute position on the screen. The screen is uniformly coated, and I don't believe there is an aperture screen on these types of screens.
So, what happens when you hold a magnet to the screen? For one, you deflect the electron streams, so you get a temporarily distorted image, and the colors are off because the electron streams are pointing to the wrong phosphors. With B/W, it just doesn't matter; a phosphor is a phosphor.
Additionally, a powerful magnet can permanently distort or magnetize the metal aperture mask/grille, causing permanent damage to the screen's ability to align electron streams to the appropriate phosphors.
And that's it. I may have misspelled aperture. Oh well.
In other news. (Score:5, Funny)
Re:In other news. (Score:2, Funny)
Don't tell Ashcroft, he'll try to ban baseball in the name of national security!
W
Hi, its the Internet calling. (Score:3, Funny)
RING RING, "Hi, um my name is 'Bob', I'm from 'The Internet Company'. We think there is a problem and we need you to help us here. Um, we need you to set your computer next to your microwave for a minute. Oh, no can do?...ok, um, you got like a 50 watt lamp you can stick next to your computer case? Ok, good, yea, do that. Oh yea, and go to this java web site.....yea, I can wait..."
I GUESS you could do some social engineering to get someone to co
Re:In other news. (Score:2, Funny)
No no no, that is a management tool.
best line from the article (Score:5, Funny)
Re:best line from the article (Score:3, Funny)
delete [] bigAssArray;
line from my code...
More elegant way to break a VM (Score:3, Interesting)
Seems more elegant than nuking your machine.
At DefCon X, Gobbles announced a similar vulnerability in vmware, though no exploit or advisory has been released so far. For anyone that assumes they're just fear mongering, they also announced the zero day apache bug there, which I'm sure you all remember.
Re:More elegant way to break a VM (Score:2)
Just because they've ONCE proven themselves correct doesn't mean they are slightly trustworthy.
Sure, they announced the OpenBSD/Apache exploit, then went on ranting that they had exploits for every other platform (which they've never yet released).
Then there is one more I'm sure everyone will remember... They claimed that they were working for the RIAA, and had released
viva las vegas (Score:2, Funny)
Make clip on lamps illegal (Score:5, Funny)
Re:Make clip on lamps illegal (Score:2)
Next Spy Gadget? (Score:2, Funny)
Or, it can be used for lesser evil stuff as well. In the office. Find the cubicle with the guy that just hates computers. Every time you walk by him to get a cup of coffee, zap his computer with your device. Tr
New Computer Cases (Score:5, Funny)
Re:New Computer Cases (Score:2)
My LED beats your LEAD
Alex descends into hell for a bottle of milk (Score:5, Funny)
"A very cool scientific paper..."
Oh dear, we really are geeks, aren't we.
Re:Alex descends into hell for a bottle of milk (Score:2)
That must be why you make such an insignificant contribution to the discussion.
Re:Alex descends into hell for a bottle of milk (Score:2)
a side note about developement of ecc (Score:3, Insightful)
Hundreds of megabytes (Score:2, Funny)
Makes you think about ICQ, doesn't it?
Atari 2600 & a screwdriver... (Score:2)
Even at that age, I knew the system wasn't too complex...one chip-per-game, less than a couple dozen pins teasingly poking out the back. Hmmmm...about the width of a screwdriver. TV connected, power on, and screwdriver in hand, in went my Adventure game cartridge. Pin 1+2, garbage, reset. Pin 2+3, more garbage, reset. Pin 3+4...hmmm. After a while, I moved on to short pieces of wire.
Some pin com
ECC for making machines .... **cheaper** ! (Score:5, Insightful)
Note however that this common perception is not strictly speaking entirely accurate or necessary, because if a system is designed to meet a given level of reliability then a machine with ECC may end up being cheaper than one without ECC, because the error detection and correction can make up for reduced reliability in the rest of the hardware.
As an example, some components may be run closer to their operating limits, possibly partially overclocked, or power supplies may be less well regulated and hence electronic noise margins may be slightly compromised, or the system may be designed with substandard cooling, and so on. ECC could help mitigate some of the effects of such presumably cheaper designs, while still maintaining the reliability of better implementations.
So, there's slightly more to the "ECC only found in better systems" argument than at first meets the eye. As usual, caveat emptor.
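What ECC actually buys in the scenario above (a single bit flipped by heat, noise or radiation is repaired before software ever sees it, and a double flip is at least reported rather than silently consumed) is easiest to see on a small code. The following is an added example, not code from the post or from any memory controller: a Hamming(7,4) code with an added overall-parity bit, the same single-error-correcting, double-error-detecting (SECDED) construction that server DIMMs apply to 64-bit words with 8 check bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Hamming(7,4) plus one overall-parity bit: an 8-bit codeword carrying a
 * 4-bit data nibble. Corrects any single flipped bit, detects any double flip.
 * Bit positions 1..7 use the classic Hamming layout: check bits at powers of
 * two (1, 2, 4), data bits at 3, 5, 6, 7. Bit 0 holds the overall parity. */
static const int DATA_POS[4] = {3, 5, 6, 7};

enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 };

uint8_t secded_encode(uint8_t nibble)
{
    uint8_t cw = 0;
    for (int i = 0; i < 4; i++)
        if ((nibble >> i) & 1) cw |= (uint8_t)(1u << DATA_POS[i]);
    /* check bit p covers every position whose index has bit p set */
    for (int p = 1; p <= 4; p <<= 1) {
        int parity = 0;
        for (int j = 1; j < 8; j++)
            if ((j & p) && ((cw >> j) & 1)) parity ^= 1;
        if (parity) cw |= (uint8_t)(1u << p);
    }
    /* overall parity of positions 1..7 goes in bit 0, so all 8 bits are even */
    int total = 0;
    for (int j = 1; j < 8; j++) total ^= (cw >> j) & 1;
    if (total) cw |= 1u;
    return cw;
}

/* Decodes a stored codeword. Returns ECC_OK, ECC_CORRECTED (one bit was
 * repaired) or ECC_UNCORRECTABLE (two flips; *nibble_out is not written). */
int secded_decode(uint8_t cw, uint8_t *nibble_out)
{
    int syndrome = 0;            /* XOR of the positions of all set bits 1..7 */
    for (int j = 1; j < 8; j++)
        if ((cw >> j) & 1) syndrome ^= j;
    int parity = 0;              /* parity of all 8 bits; 0 when undisturbed */
    for (int j = 0; j < 8; j++) parity ^= (cw >> j) & 1;

    int status;
    if (syndrome == 0 && parity == 0) {
        status = ECC_OK;
    } else if (parity == 1) {
        /* odd parity: exactly one flip, and the syndrome names its position
         * (syndrome 0 means the overall parity bit itself flipped) */
        cw ^= (uint8_t)(1u << syndrome);
        status = ECC_CORRECTED;
    } else {
        /* even parity with a nonzero syndrome: two flips, cannot correct */
        return ECC_UNCORRECTABLE;
    }
    uint8_t n = 0;
    for (int i = 0; i < 4; i++)
        if ((cw >> DATA_POS[i]) & 1) n |= (uint8_t)(1u << i);
    *nibble_out = n;
    return status;
}

/* Simulated soft error: flip one bit of a stored codeword. */
uint8_t flip_bit(uint8_t cw, int bit) { return cw ^ (uint8_t)(1u << bit); }

/* Exhaustive check over all 16 nibbles: clean words decode unchanged, every
 * single flip is corrected, every double flip is reported. Returns 1 on success. */
int secded_selftest(void)
{
    for (int n = 0; n < 16; n++) {
        uint8_t cw = secded_encode((uint8_t)n), out;
        if (secded_decode(cw, &out) != ECC_OK || out != n) return 0;
        for (int a = 0; a < 8; a++) {
            if (secded_decode(flip_bit(cw, a), &out) != ECC_CORRECTED || out != n) return 0;
            for (int b = a + 1; b < 8; b++)
                if (secded_decode(flip_bit(flip_bit(cw, a), b), &out) != ECC_UNCORRECTABLE) return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("SECDED self-test: %s\n", secded_selftest() ? "pass" : "FAIL");
    return 0;
}
```

The ECC_CORRECTED return is the event that a server's management firmware logs as a correctable error; a rising count of those on one DIMM is the early warning that the noise margins discussed above are being eaten into, well before an uncorrectable error halts the machine.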
Or better yet, take this to the extreme (Score:2)
Powerpoint??? (Score:2)
Excellent Smithers!!! (Score:3, Funny)
In the lab today, in the wild tomorrow... (Score:4, Interesting)
This is good stuff. Although the experiment used physical access to stress the memory, the theory could be used as an exploit in real situations in ways that the narrow of mind (like me) cannot conceive.
Perhaps this is not a method of practical attack on a machine. But it may be just a matter of creative thinking.
The key takeaway is to not disallow the possibility.
Threats you discard as harmless are a logical place for an attacker to begin. Remember the Maginot line [straightdope.com].
Article in short (Score:2)
Looks like all xSeries servers from IBM, Dell (PowerEdges) and HP ship only with ECC RAM, and ECC errors are actually logged by software.
So forget walking into Las Vegas casinos with an X-ray machine.
Even submitters don't read the article (Score:4, Interesting)
The article does mention x-rays, saying "not enough energy to change a DRAM capacitor." Yet everyone talks about x-rays...
I found the phrase from the article "screw driver to remove hard drive" amusing when I first read it. Then I realized they meant "screwdriver". I thought initially they were referring to a DOS attack by corrupting the device driver!
palladium (Score:5, Insightful)
Palladium is just a specialized VM that runs on tamper-proof hardware, that's designed to let other people trust the results of some computations performed on your machine.
Neons (Score:2, Funny)
Know what is really scary? (Score:2, Informative)
Back in the older days _all_ computers shipped with at least parity memory. Today you get no checking unless you buy a workstation or server class machine.
Did you ever notice that when you build an IBM system on-line that they make it very clear that the system uses non-parity memory where other companies never mention this? I think they know that someday someone will bring for
NASA has been researching this for a long time (Score:2, Interesting)
It is often questioned on this site as to why spacecraft do not use the latest/greatest computing equipment available. It is because the flight-capable designs have proven themselves tolerant of harsh environments, including alpha/beta/X radiation. (And other things, like low p
trusted bytecode (Score:2)
I've always thought that the JVM security model was the moral equivalent of eliminating the FDA in favour of tamper resistant pill bottles.
Tamper resistant packaging is a darn good idea. But it's not a good idea to be so impressed by the packaging that we forget how easily well intentioned people can create combinations of carbon, hydrogen, and oxygen and a few choice flavour additives that kill.
Bottom line: no matter how much rocket science you pour into the packaging, you still have to ask hard qu
Re:trusted bytecode (Score:2)
I've always thought that the JVM security model was the moral equivalent of eliminating the FDA in favour of tamper resistant pill bottles.
That's a very bad analogy. Tamper-resistant pill bottles are supposed to ensure that no one other than the manufacturer has done anything to the contents. They do nothing unless the consumer trusts the manufacturer. The computer equivalent of tamper-resistant pill bottles is programs digitally signed by the author.
This is entirely unlike the JVM security model. I
Author responds + PDF slides available (Score:2, Informative)
I don't know if anyone bothered to read the paper, (Score:3, Informative)
Re:I don't know if anyone bothered to read the pap (Score:2)
When I was talking about late-bound VMs, it was largely the ideal case VM, in which all the functions and data are nicely boxed and type-checking is done at every reference. This is of course not the case, especially for Common Lisp (but from what
OH MY GOD!! (Score:2)
COSMIC RAYS!!
Java vulnerable, through C! (Score:2)
Watch further and it all makes sense. He said that Java is vulnerable to these memory errors, and that you can prove it by adding some non-Java code. Well, no S*&t! Has anyone ever doubted that you can do whatever the hell you
Static electricity (Score:2)
A long time ago, when I worked at a restaurant as a teenager, I saw an employee that was screwing around with an ion ray gun [plans-kits.com] accidentally open a secure time-lock safe. He simply pointed it at the safe from a few inches away and the safe's electronic display started blinking and it just opened.
Re:seriously (Score:3, Funny)
Simple countermeasure? (Score:3, Insightful)
Then, when doing the test/comparison, if there is not consensus in the bits (they should be all 1 or all 0), you know some memory error has occurred. The confidence level in the boolean test could be made arbitrarily high by storing increasing numbers of redundant bits.
This would slow things down considerably but it seems cheaper
Re:Simple countermeasure? (Score:2)
No need to do so much extra work. Just use 0 as true and -1 as false, then actually check for the desired value rather than the negation of a value (i.e., "a==FALSE" rather than "a!=TRUE").
Though not (necessarily) separated by a large physical distance on the chip, simply setting all bits of a word on or off gives (on a 32-bit ma
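Both ideas in this exchange, redundant copies checked for consensus and a two-pattern encoding checked by explicit comparison, come down to the same thing: a stored decision that a single bit flip cannot turn into the opposite decision, only into a recognisable fault. The code below is an added example, not from either post; it models a hypothetical authorization flag and compares the conventional `if (flag)` test with the hardened forms, counting how many of the 32 possible single-bit flips each one lets through.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Encoding from the reply: all bits clear means "allowed", all bits set means
 * "denied". The two patterns differ in every bit, so one flip produces a
 * value that is neither, and an explicit comparison notices it. */
#define SAFE_TRUE  ((uint32_t)0x00000000u)
#define SAFE_FALSE ((uint32_t)0xFFFFFFFFu)

enum { DECISION_DENY = 0, DECISION_ALLOW = 1, DECISION_FAULT = -1 };

/* Conventional check: flag holds 0 (deny) or 1 (allow), tested as "nonzero". */
int naive_decision(uint32_t flag)
{
    return flag != 0 ? DECISION_ALLOW : DECISION_DENY;
}

/* Hardened check: compare against the exact expected pattern; anything else
 * is treated as a memory fault, never as permission. */
int hardened_decision(uint32_t flag)
{
    if (flag == SAFE_TRUE)  return DECISION_ALLOW;
    if (flag == SAFE_FALSE) return DECISION_DENY;
    return DECISION_FAULT;
}

/* Parent post's scheme: n redundant copies must agree bit for bit. */
int consensus_decision(const uint32_t *copies, size_t n)
{
    uint32_t all_and = SAFE_FALSE, all_or = SAFE_TRUE;
    for (size_t i = 0; i < n; i++) {
        all_and &= copies[i];
        all_or  |= copies[i];
    }
    if (all_or == SAFE_TRUE)   return DECISION_ALLOW;  /* every bit of every copy is 0 */
    if (all_and == SAFE_FALSE) return DECISION_DENY;   /* every bit of every copy is 1 */
    return DECISION_FAULT;                             /* copies disagree */
}

/* Simulated soft error: flip one bit of a stored word. */
uint32_t flip_bit(uint32_t v, int bit) { return v ^ (1u << bit); }

/* How many of the 32 single-bit flips of a stored "deny" turn into "allow"
 * under the naive check? (Stored value is 0 in the conventional encoding.) */
int naive_flips_to_allow(void)
{
    int count = 0;
    for (int bit = 0; bit < 32; bit++)
        if (naive_decision(flip_bit(0u, bit)) == DECISION_ALLOW) count++;
    return count;
}

/* Same question for the hardened check, with "deny" stored as SAFE_FALSE. */
int hardened_flips_to_allow(void)
{
    int count = 0;
    for (int bit = 0; bit < 32; bit++)
        if (hardened_decision(flip_bit(SAFE_FALSE, bit)) == DECISION_ALLOW) count++;
    return count;
}

/* And how many of those flips the hardened check reports as a fault. */
int hardened_flips_detected(void)
{
    int count = 0;
    for (int bit = 0; bit < 32; bit++)
        if (hardened_decision(flip_bit(SAFE_FALSE, bit)) == DECISION_FAULT) count++;
    return count;
}

int main(void)
{
    uint32_t copies[3] = { SAFE_TRUE, flip_bit(SAFE_TRUE, 5), SAFE_TRUE };
    printf("naive: %d/32 flips grant access\n", naive_flips_to_allow());
    printf("hardened: %d/32 grant, %d/32 detected as faults\n",
           hardened_flips_to_allow(), hardened_flips_detected());
    printf("consensus over damaged copies: %d (-1 = fault)\n",
           consensus_decision(copies, 3));
    return 0;
}
```

The cost, as the parent post notes, is extra storage and extra work on every test; what it buys is that the failure mode becomes a detectable fault (which the code can refuse, log or retry) rather than a silently wrong answer.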
Secrecy my arse. (Score:5, Informative)
Using bit errors to flake out machines, where there is no parity or other error checking, is very far removed from "secret tinfoil hat" stuff. Why do you think chips are packed in black epoxy?
Re:This attack doesn't look very effective (Score:5, Interesting)
Um... no. The paper states that if a single-bit error can be induced, then the probability that this single-bit error will then allow the exploiting program to execute arbitrary code (as opposed to causing the OS or the VM to crash, etc) is 70%.
So, keep in mind that there are two components to this exploit: 1) writing a program that takes advantage of single-bit errors to execute arbitrary code, and 2) waiting for cosmic rays or directing some radiation yourself at the hardware to induce soft errors. The effectiveness depends largely on how quickly/reliably you can induce such errors w/out crashing the machine in the process.
Maybe the techniques for programming the exploit program described here are well known to more experienced programmers, but I found the article extremely interesting and enlightening. I've been taught for years about the superiority of Java's type system as a security measure, and I know that a lot of theoretical work and proofs have been done to show that Java's type system is secure, but this exploit manages to get around the type safety with such a simple trick that I'm kicking myself for not having seen it myself. It's almost elegant, the way they get it done.