Protecting Confidential Virtual Machines from Hardware Performance Counter Side Channels

Lou, Xiaoxuan; Chen, Kangjie; Xu, Guowen; Qiu, Han; Guo, Shangwei; Zhang, Tianwei

doi:10.1109/dsn58291.2024.00031

2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2024

DOI: 10.1109/dsn58291.2024.00031

|View full text |Cite

Protecting Confidential Virtual Machines from Hardware Performance Counter Side Channels

Xiaoxuan Lou,

Kangjie Chen,

Guowen Xu

et al.

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Confidential VMs Explained: An Empirical Analysis of AMD SEV-SNP and Intel TDX

Misono,

Stavrakakis,

Santos

et al. 2024

Proc. ACM Meas. Anal. Comput. Syst.

View full text Add to dashboard Cite

Confidential computing is gaining traction in the cloud, driven by the increasing security and privacy concerns across various industries. Recent trusted hardware advancements introduce Confidential Virtual Machines (CVMs) to alleviate the programmability and usability challenges of the previously proposed enclave-based trusted computing technologies. CVM hardware extensions facilitate secure, hardware-isolated encrypted VMs, promoting programmability and easier deployment in cloud infrastructures. However, differing microarchitectural features, interfaces, and security properties among hardware vendors complicate the evaluation of CVMs for different use cases. Understanding the performance implications, functional limitations, and security guarantees of CVMs is a crucial step toward their adoption. This paper presents a detailed empirical analysis of two leading CVM technologies: AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) and Intel Trust Domain Extensions (TDX). We review their microarchitectural components and conduct a thorough performance evaluation across various aspects, including memory management, computational performance, storage and network stacks, and attestation primitives. We further present a security analysis through a trusted computing base (TCB) evaluation and Common Vulnerabilities and Exposures (CVE) analysis. Our key findings demonstrate, among others, the effect of CVMs on boot time, memory management and I/O, and identify inefficiencies in their context switch mechanisms. We further provide insights into the performance implications of CVMs and highlight potential room for improvement.

show abstract

Confidential VMs Explained: An Empirical Analysis of AMD SEV-SNP and Intel TDX

Misono,

Stavrakakis,

Santos

et al. 2024

Proc. ACM Meas. Anal. Comput. Syst.

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Protecting Confidential Virtual Machines from Hardware Performance Counter Side Channels

Cited by 1 publication

References 42 publications

Confidential VMs Explained: An Empirical Analysis of AMD SEV-SNP and Intel TDX

Confidential VMs Explained: An Empirical Analysis of AMD SEV-SNP and Intel TDX

Contact Info

Product

Resources

About