[Cryptography] Buffer Overflows & Spectre

Jerry Leichter leichter at lrw.com
Thu Nov 22 12:10:48 EST 2018

>> Given the realities of today's hardware, one could imagine a "Cloud" in which you don't rent a VM:  You rent an actual piece of hardware (so-called "bare metal"), which runs your code and your code only.
> Hmmm....
> How can you tell when the "cloud" vendor is lying to you, and running your code in an VM simulation anyway ?
The same you tell if any vendor is lying:  You put auditing requirements along with big legal penalties in the contract.  Nothing new here, for sophisticated buyers.  Sure, rubes will get taken - but there's nothing new there either.

BTW, there are a number of tricks to distinguish between "running in a VM" and "running on raw hardware".  The point of a hypervisor is to be able to run programs of interest, not to fool programs that specifically want to check.  In fact, OS's that run as VM guests tend to have special support for it - it's easier to make small modifications to the OS than to put major work into the hardware and hypervisor.  (Simple example:  OS's tend to have built-in expectations about how long the hardware will take to respond to some simple requests; they react to the hardware taking "too long" by assuming the hardware is hung, and force a reboot in an attempt to clear the problem.  A VM may be delayed for arbitrarily long by the hypervisor, so these timeouts cause crashes. OS's have been taught to ignore this particular "hardware problem" when running as a guest OS.)
                                                        -- Jerry

More information about the cryptography mailing list