Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities
13 days ago
- #Transient Execution
- #Cloud Security
- #Hardware Vulnerabilities
- Public clouds must provide strong security guarantees against advanced attacks and hardware vulnerabilities.
- Transient execution vulnerabilities like Spectre have not been reported in real-world cloud attacks until now.
- Older CPUs in clouds lack comprehensive fixes for transient execution vulnerabilities, raising concerns about software-based defenses.
- Mitigating vulnerabilities in isolation without addressing root causes leaves systems vulnerable.
- Attackers can combine mitigated vulnerabilities like L1TF with speculative out-of-bounds loads to leak data across VM boundaries.
- A practical attack demonstrated leaking TLS keys from an Nginx server in a victim VM within 15 hours under noisy conditions.