Out-of-Order Execution as a Cross-VM Side-Channel and Other Applications

Given the rise in popularity of cloud computing and platform-as-a-service, vulnerabilities in systems which share hardware have become more attractive targets to malicious actors. One of the vulnerabilities inherent to these systems is the potential for side-channels, especially ones that violate the isolation between virtual machines. In this paper, we introduce a novel side-channel which functions across virtual machines. The side-channel functions through the detection of out-of-order execution. We create a simple duplex channel as well as a broadcast channel. We discuss possible adversaries for the side-channel and propose further work to make the channel more secure, efficient and applicable in realistic scenarios. In addition, we consider seven possible malicious applications of this channel: theft of encryption keys, program identification, environmental keying, malicious triggers, determining virtual machine co-location, malicious data injection, and covert channels.