Fault Attacks on Encrypted General Purpose Compute Platforms

Buhren, Robert; Gueron, Shay; Nordholz, Jan; Seifert, Jean-Pierre; Vetter, Julian

doi:10.1145/3029806.3029836

Cited by 9 publications

(7 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additionally, in contrast to our prototype, both [9] and [5] did not realize the attack on real hardware, as only the AMD specifications for SEV and SME were public. The results of our work strongly indicate that [9] also works on real SEV platforms.…”

Section: Related Workmentioning

confidence: 92%

See 1 more Smart Citation

SEVered

Morbitzer

Huber

Horsch

et al. 2018

Proceedings of the 11th European Workshop on Systems Security

View full text Add to dashboard Cite

AMD SEV is a hardware feature designed for the secure encryption of virtual machines. SEV aims to protect virtual machine memory not only from other malicious guests and physical attackers, but also from a possibly malicious hypervisor. This relieves cloud and virtual server customers from fully trusting their server providers and the hypervisors they are using. We present the design and implementation of SEVered, an attack from a malicious hypervisor capable of extracting the full contents of main memory in plaintext from SEV-encrypted virtual machines. SEVered neither requires physical access nor colluding virtual machines, but only relies on a remote communication service, such as a web server, running in the targeted virtual machine. We verify the effectiveness of SEVered on a recent AMD SEV-enabled server platform running different services, such as web or SSH servers, in encrypted virtual machines.With these examples, we demonstrate that SEVered reliably and efficiently extracts all memory contents even in scenarios where the targeted virtual machine is under high load. CCS CONCEPTS• Security and privacy → Virtualization and security; KEYWORDS AMD SEV, virtual machine encryption, page fault side channel, data extraction ACM Reference Format:

show abstract

Section: Related Workmentioning

confidence: 92%

“…Buhren et al [5] leveraged fault attacks on Secure Memory Encryption (SME) platforms, which SEV is built upon. They showed that it is possible to extract the private RSA key of a GnuPG user from encrypted memory.…”

Section: Related Workmentioning

confidence: 99%

SEVered

Morbitzer

Huber

Horsch

et al. 2018

Proceedings of the 11th European Workshop on Systems Security

View full text Add to dashboard Cite

show abstract

“…Using a modified firmware, they are able to extract the private key, used by the SP to authenticate itself as an AMD device. Data Faults In [11], Buhren et al explore the idea of performing classical fault attacks on application data in memory. They flip a bit in a ciphertext block, in order to create garbled plaintext.…”

Section: E Previous Attacks On Sevmentioning

confidence: 99%

SEVurity: No Security Without Integrity : Breaking Integrity-Free Memory Encryption with Minimal Assumptions

Wilke

Wichelmann

Morbitzer

et al. 2020

2020 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

One reason for not adopting cloud services is the required trust in the cloud provider: As they control the hypervisor, any data processed in the system is accessible to them. Full memory encryption for Virtual Machines (VM) protects against curious cloud providers as well as otherwise compromised hypervisors. AMD Secure Encrypted Virtualization (SEV) is the most prevalent hardware-based full memory encryption for VMs. Its newest extension, SEV-ES, also protects the entire VM state during context switches, aiming to ensure that the host neither learns anything about the data that is processed inside the VM, nor is able to modify its execution state. Several previous works have analyzed the security of SEV and have shown that, by controlling I/O, it is possible to exfiltrate data or even gain control over the VM's execution. In this work, we introduce two new methods that allow us to inject arbitrary code into SEV-ES secured virtual machines. Due to the lack of proper integrity protection, it is sufficient to reuse existing ciphertext to build a high-speed encryption oracle. As a result, our attack no longer depends on control over the I/O, which is needed by prior attacks. As I/O manipulation is highly detectable, our attacks are stealthier. In addition, we reverse-engineer the previously unknown, improved Xor-Encrypt-Xor (XEX) based encryption mode, that AMD is using on updated processors, and show, for the first time, how it can be overcome by our new attacks.

show abstract

“…With an encryption oracle, the adversary could breach the integrity of the victim VM and force the victim VM to (1) execute arbitrary instruction, or (2) alter sensitive data, or (3) change control flows. Note that our encryption oracle differs from those in the prior works [8], [6], [17] as it does not rely on SEV's memory integrity flaws.…”

Section: B Variant 2: Executing Victim Vm's Encrypted Instructionsmentioning

confidence: 99%

CROSSLINE: Breaking "Security-by-Crash" based Memory Isolation in AMD SEV

Li¹,

Zhang²,

Lin³

2020

Preprint

View full text Add to dashboard Cite

AMD's Secure Encrypted Virtualization (SEV) is an emerging security feature on AMD processors that allows virtual machines to run on encrypted memory and perform confidential computing even with an untrusted hypervisor. This paper first demystifies SEV's improper use of address space identifier (ASID) for controlling accesses of a VM to encrypted memory pages, cache lines, and TLB entries. We then present the CROSSLINE attacks, a novel class of attacks against SEV that allow the adversary to launch an attacker VM and change its ASID to that of the victim VM to impersonate the victim. We present two variants of CROSSLINE attacks: CROSSLINE V1 decrypts victim's page tables or memory blocks following the format of a page table entry; CROSSLINE V2 constructs encryption and decryption oracles by executing instructions of the victim VM. We have successfully performed CROSSLINE attacks on SEV and SEV-ES processors.

show abstract

Fault Attacks on Encrypted General Purpose Compute Platforms

Cited by 9 publications

References 33 publications

SEVered

SEVered

SEVurity: No Security Without Integrity : Breaking Integrity-Free Memory Encryption with Minimal Assumptions

CROSSLINE: Breaking "Security-by-Crash" based Memory Isolation in AMD SEV

Contact Info

Product

Resources

About