defuse / flush-reload-attacks


Skim Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems to see if it counts as a privacy-breaking side-channel #55

Closed defuse closed 8 years ago

defuse commented 8 years ago

This is a really weird threat model: The OS is malicious, but the hypervisor and application running on the OS are not, and you want to defend the application from the OS.

defuse commented 8 years ago

Holy shit this is cool, it uses page faults to monitor which pages of memory are being accessed over time. For example, a page-granularity view of code execution in FreeType leaks the characters, and they extract text contents that way. If that's possible, unless the code runs too fast, I'm betting it's possible to do this using Flush+Reload. Opened #60.

defuse commented 8 years ago

Done.