Click For Photo: https://regmedia.co.uk/2019/07/10/data_shutterstock.jpg
Five boffins from four US universities have explored AMD's Secure Encrypted Virtualization (SEV) technology – and found its defenses can be, in certain circumstances, bypassed with a bit of effort.
In a paper [PDF] presented Tuesday at the ACM Asia Conference on Computer and Communications Security in Auckland, New Zealand, computer scientists Jan Werner (UNC Chapel Hill), Joshua Mason (University of Illinois), Manos Antonakakis (Georgia Tech), Michalis Polychronakis (Stony Brook University), and Fabian Monrose (UNC Chapel Hill) detail two novel attacks that can undo the privacy of protected processor enclaves.
Paper - SEVerESt - Them - All - Inference
The paper, "The SEVerESt Of Them All: Inference Attacks Against Secure Virtual Enclaves," describes techniques that can be exploited by rogue cloud server administrators, or hypervisors hijacked by hackers, to figure out what applications are running within an SEV-protected guest virtual machine, even when its RAM is encrypted, and also extract or even inject data within those VMs.
This is possible, we're told, by monitoring, and altering if necessary, the contents of the general-purpose registers of the SEV guest's CPU cores, gradually revealing or messing with whatever workload the guest may be executing. The hypervisor can access the registers, which typically hold temporary variables of whatever software is running, by briefly pausing the guest and inspecting its saved state. Efforts by AMD to prevent this from happening, by hiding the context of a virtual machine while the hypervisor is active, can also, it is claimed, be potentially thwarted.
SEV - Workloads - Machines - Eyes - Fingers
SEV is supposed to safeguard sensitive workloads, running in guest virtual machines, from the prying eyes and fingers of malware and rogue insiders on host servers, typically machines located off-premises or in the public cloud.
The techniques, specifically, undermine the data confidentiality model of guest virtual machines by enabling miscreants to "recover data transferred over TLS connections within the encrypted guest, retrieve the contents of sensitive data...
Wake Up To Breaking News!