Communication Between Virtual Machines Using the CPU

Vulnerability Description

Brief Description: Two virtual machines sharing a single processor can communicate by modulating their own CPU usage.

Detailed Description: The KVM/370 system supports separate virtual machines on a single IBM 370 system. Each virtual machine is intended to be completely isolated from the others. All share system resources. These reaources include the system CPU, the supervisor's round robin scheduler, and a wall clock. Hence each can determine the amount and rate at which it is receiving CPU time. The scheduler schedules based on need; if a virtual machine does not need the CPU for a time, it will not be assigned any CPU use, and the other virtual machines will get the extra time.

Component(s): scheduler, supervisor, CPU

Version(s): unknown

Operating System(s): IBM KVM/370

Other Information: none

Effects:Virtual machines can communicate using a covert channel.

Detecting the Vulnerability:

* Examine the scheduler to determine if it schedules by need. If so, you have the vulnerability.

Fixing the Vulnerability:

* Do not share any resources among virtual machines.


Keywords:KVM/370, scheduler, CPU, supervisor


Attack Methods or Tools: Not provided.

Related Information

Advisories and Other Alerts: none.

Related Vulnerabilities: none.


First Report We Know Of: by Marv Schaefer et al., date "Program Confinement on KVM/370," Proceedings of the ACM National Conference, in Oct. 1977

Revisions of Database Record

1. Matt Bishop(Jan. 31, 1999): Entered into DOVES.