Virtual machine security flaws?

A student researcher has come up with an attack that uses light to thwart the security of Java and .Net virtual machines.

A Princeton University student has shed light on security flaws in Java and .Net virtual machines using a lamp, some known properties of computer memory and a little luck.

An attack using his technique requires physical access to the computer, so the technique poses little threat to virtual machines running on PCs and servers. But it could be used to steal data from smart cards, said Sudhakar Govindavajhala, a computer-science graduate student at Princeton who demonstrated the procedure on Tuesday.

"There are smart cards that use Java that you could shine a light on, flip a bit and get access to the card's data," he said.

Govindavajhala presented the paper at the Institute of Electrical and Electronics Engineers (IEEE) Symposium on Security and Privacy in Berkeley, California.

The technique relies on the ability of energy to "flip bits" in memory. While cosmic rays can very occasionally cause a random bit in memory to change value, from 0 to 1 or from 1 to 0, Govindavajhala decided not to wait. He used a lamp to heat up the chips inside a computer and cause one or more bits of memory to change.

By doing so, the researcher broke the security model that virtual machines rely on--that the computer faithfully executes its instruction set.

"You have broken out of the sandbox," Govindavajhala said. Virtual machines are software programs that emulate a virtual computer entirely in the host computer's memory. The programs are used to allow software to run on multiple platforms.

For example, Java applets can execute on a virtual machine running on Windows, Linux or the MacOS. Another feature of such virtual machines is that they keep applets contained to a software "sandbox"--preventing them from affecting the data on the computer.

Govindavajhala attacked the system by adding his own code into memory and then filling the remaining free memory with the address of the new code. He found that, if he could fill 60 percent of memory with the addresses, a random bit flip would cause his attack code to run more than 70 percent of the time. In the remaining instances, a key program on the computer would crash instead.

Fred Cohen, a principal analyst with technology consultancy The Burton Group, said that people who created virtual machines didn't allow for this possible attack.

"Here is a case where people thought they had thought of everything, but they hadn't," he said, adding that even with sandboxing untrusted applications, they can still be dangerous. "If you let people run programs in your computer, then there is a chance they can do what they want."

The technique could be useful in stealing data from smart cards, which look like credit cards but have memory and a simple processor implanted in the card. Since getting hold of someone's smart card is much easier than cracking open the case of their PC, the attack would be feasible.

"Certainly there are some smart cards that this could work on," Cohen said. "There are all sorts of handheld devices where such an attack has potential to do harm as well."

In addition to such devices, the attack could have some implications for trusted computing systems, such as Microsoft's next-generation secure computing base, formerly known as Palladium. Govindavajhala hadn't studied the effects of his error-inducing techniques on such a system, however.

Yet, the student researcher did point out that as processors and memory get faster, the energy needed to induce bit flips becomes smaller, suggesting that his technique will only become more effective.
