[openstack-dev] Regarding cache-based cross-VM side channel attacks in OpenStack

Adam Heczko aheczko at mirantis.com
Fri Aug 24 08:33:41 UTC 2018


Hi Darshan,
I believe you are referring to the recent Foreshadow / L1TF vulnerability?
If that's the case, OpenStack compute workloads are protected with all
mechanisms relevant to the specific hypervisor type.
AFAIK OpenStack at this moment supports KVM-QEMU, Xen, vSphere/ESXi and
Hyper-V hypervisors.
All of the above hypervisors offer implementations of side channel
protection mechanisms.
You can also consult the OpenStack Security Guide; the compute sections seem
to be most relevant to the question you raised:
https://docs.openstack.org/security-guide/compute.html

HTH,


On Fri, Aug 24, 2018 at 7:35 AM Darshan Tank <dmtank at gmail.com> wrote:

> Dear Sir,
>
> I would like to know whether cache-based cross-VM side channel attacks
> are possible in an OpenStack VM or not?
>
> If the answer to the above question is no, then what are the mechanisms
> employed in OpenStack to prevent or to mitigate such types of security
> threats?
>
> I'm looking forward to hearing from you.
>
> Thanks in advance for your support.
>
> With Warm Regards,
> *Darshan Tank*
>


-- 
Adam Heczko
Security Engineer @ Mirantis Inc.