Ignorantia Peritorum


Cross-container cloud attacks

.. with a proof of concept on Azure

Ari Trachtenberg
Jul 1, 2022
Cloud services, courtesy of Wikimedia Commons

Our latest publication [1], just presented at CSCML 2022, demonstrates an inherent side channel in container infrastructure. This allows an attacker to infer private information from vulnerable containers or to establish a covert channel with such containers that bypasses detection (e.g., firewalls). We demonstrate this attack on Microsoft Azure (to whom it was disclosed in advance).

On one foot, the key observation is that containers need to share much of their file system in order to benefit from their lightweight environment. This sharing permits a page-cache attack based on the common files.

The page cache [2] remains an extremely difficult channel [3] to disrupt, in part because it is so intimately linked to the efficiency of a system.
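To see how much of the file system a set of containers has in common, the following added example (not code from the paper or from this post) reads each container's overlay mount line and reports the read-only lower layers used by more than one container; files in those layers are the common files whose cached pages are shared. The container names, layer paths and mountinfo lines are constructed sample data, and the overlay2-style paths are an assumption about the container runtime.

```python
from collections import defaultdict

# Constructed sample: the root overlay line from /proc/<pid>/mountinfo for three
# hypothetical containers. Names and layer paths are made up for illustration.
_D = "/var/lib/docker/overlay2"
SAMPLE_MOUNTINFO = {
    "web": f"623 512 0:52 / / rw,relatime - overlay overlay "
           f"rw,lowerdir={_D}/l/WEBAPP:{_D}/l/BASE,upperdir={_D}/web/diff,workdir={_D}/web/work",
    "db": f"701 512 0:57 / / rw,relatime - overlay overlay "
          f"rw,lowerdir={_D}/l/DBAPP:{_D}/l/BASE,upperdir={_D}/db/diff,workdir={_D}/db/work",
    "batch": f"745 512 0:61 / / rw,relatime - overlay overlay "
             f"rw,lowerdir={_D}/l/OTHERBASE,upperdir={_D}/batch/diff,workdir={_D}/batch/work",
}


def lower_layers(mountinfo_line):
    """Return the lowerdir layers of an overlay mountinfo line ([] otherwise)."""
    # Fields after the lone "-" separator are: fstype, source, super options.
    _, sep, tail = mountinfo_line.partition(" - ")
    fields = tail.split()
    if not sep or len(fields) < 3 or fields[0] != "overlay":
        return []
    for opt in fields[2].split(","):
        if opt.startswith("lowerdir="):
            return opt[len("lowerdir="):].split(":")
    return []


def shared_layers(mountinfo_by_container):
    """Map each lower layer used by two or more containers to those containers."""
    users = defaultdict(set)
    for name, line in mountinfo_by_container.items():
        for layer in lower_layers(line):
            users[layer].add(name)
    return {layer: sorted(names) for layer, names in users.items() if len(names) > 1}


if __name__ == "__main__":
    for layer, names in shared_layers(SAMPLE_MOUNTINFO).items():
        print(f"{layer} is shared by: {', '.join(names)}")
```

Containers that appear together in this report read the same backing files, so co-locating mutually untrusting tenants on a common base layer is the exposure to review.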


[1] Boskov, N., Radami, N., Tiwari, T., Trachtenberg, A. (2022). Union Buster: A Cross-Container Covert-Channel Exploiting Union Mounting. In: Dolev, S., Katz, J., Meisels, A. (eds) Cyber Security, Cryptology, and Machine Learning. CSCML 2022. Lecture Notes in Computer Science, vol 13301. Springer, Cham. https://doi.org/10.1007/978-3-031-07689-3_23.

[2] Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh. 2019. Page Cache Attacks. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS '19). Association for Computing Machinery, New York, NY, USA, 167–180. https://doi.org/10.1145/3319535.3339809.

[3] Linux Kernel Developers: Revert “Change mincore() to count “mapped” pages rather than “cached” pages” (2019). https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30bac164aca750892b93eef350439a0562a68647
