On the Limits of Hypervisor- and Virtual Machine Monitor-Based Isolation

  • Loic Duflot
  • Olivier Grumelard
  • Olivier Levillain
  • Benjamin Morin
Part of the Information Security and Cryptography book series (ISC)


In the past few years, there have been many different attempts to build trusted platforms that allow users to access sensitive and non-sensitive data in a compartmentalized way, i.e., such that applications dealing with sensitive data are fully isolated from those dealing only with public data.





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Loic Duflot (1)
  • Olivier Grumelard (1)
  • Olivier Levillain (1)
  • Benjamin Morin (1)

  1. French Network and Information Security Agency (ANSSI), Paris, France
