Exploiting Interfaces of Secure Encrypted Virtual Machines

  title={Exploiting Interfaces of Secure Encrypted Virtual Machines},
  author={Martin Radev and Mathias Morbitzer},
  journal={Reversing and Offensive-oriented Trends Symposium},
  • M. Radev, M. Morbitzer
  • Published 14 October 2020
  • Computer Science
  • Reversing and Offensive-oriented Trends Symposium
Cloud computing is a convenient model for processing data remotely. However, users must trust their cloud provider with the confidentiality and integrity of the stored and processed data. To increase the protection of virtual machines, AMD introduced SEV, a hardware feature which aims to protect code and data in a virtual machine. This allows to store and process sensitive data in cloud environments without the need to trust the cloud provider or the underlying software. However, the virtual… 
SEVerity: Code Injection Attacks against Encrypted Virtual Machines
The SEVerity attack is introduced; a missing puzzle piece in the series of attacks against AMD SEV and SEV-ES and renders the present implementation as incapable of protecting against a curious, vulnerable, or malicious Hypervisor.
undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation
A full end-to-end attack is presented, from the initial exploit to leaking the key of the encrypted disk image during boot, giving the attacker unthrottled access to all of the VM’s persistent data.
One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization
It is proved that SEV cannot adequately protect confidential data in cloud environments from insider attackers, such as rogue administrators, on currently available CPUs.
VIA: Analyzing Device Interfaces of Protected Virtual Machines
VIA, an automated analysis tool to detect cases of improper sanitization of input recieved via the virtual device interface, is developed and evaluated and improves performance compared to existing approaches by an average factor of 2706.
GuaranTEE: Introducing Control-Flow Attestation for Trusted Execution Environments
The results show that GuaranTEE provides a practical solution for cloud users focused on protecting the integrity of their data and processes at run-time.


Security Analysis of Encrypted Virtual Machines
To what extend the proposed features can resist a malicious hypervisor, a model of SEV's security capabilities is developed based on the available documentation as actual silicon implementations are not yet on the market and the tradeoffs imposed by additional protection mechanisms are discussed.
SEVered: Subverting AMD's Virtual Machine Encryption
This work presents the design and implementation of SEVered, an attack from a malicious hypervisor capable of extracting the full contents of main memory in plaintext from SEV-encrypted virtual machines, and demonstrates that SEVering reliably and efficiently extracts all memory contents even in scenarios where the targeted virtual machine is under high load.
Extracting Secrets from Encrypted Virtual Machines
This work presents an approach that allows a malicious hypervisor quick identification and theft of secrets, such as TLS, SSH or FDE keys, from encrypted virtual machines on current SEV hardware, and systematically extracts memory regions most likely to contain the secrets.
Exploiting Unprotected I/O Operations in AMD's Secure Encrypted Virtualization
The construction of two attack primitives against SEV’s memory encryption schemes are demonstrated, namely a memory decryption oracle and a memory encryption oracle, which enables an adversary to decrypt and encrypt arbitrary messages using the memory encryption keys of the VMs.
The SEVerESt Of Them All: Inference Attacks Against Secure Virtual Enclaves
This work introduces two new attacks that can breach the confidentiality of protected enclaves and demonstrates the practicality of these inference attacks by showing how an adversary can identify different applications and even distinguish between versions of the same application and the compiler used.
SEVurity: No Security Without Integrity : Breaking Integrity-Free Memory Encryption with Minimal Assumptions
This work introduces two new methods that allow us to inject arbitrary code into SEV-ES secured virtual machines, and reverse-engineer the previously unknown, improved Xor-Encrypt-Xor (XEX) based encryption mode, that AMD is using on updated processors, and shows how it can be overcome by the new attacks.
Secure Encrypted Virtualization is Unsecure
A realistic attack against SEV is found which could obtain the root privilege of an encrypted virtual machine protected by SEV thus it is not so secure.
On the Detectability of Control Flow Using Memory Access Patterns
By training a random forest classifier on the memory accesses emitted by syscalls of a shielded entity, it is shown that it is possible to infer the control flow of shielded entities with a high degree of accuracy.
Iago attacks: why the system call API is a bad untrusted RPC interface
It is shown how a carefully chosen sequence of integer return values to Linux system calls can lead a supposedly protected process to act against its interests, and even to undertake arbitrary computation at the malicious kernel's behest.
Return-Oriented Programming: Systems, Languages, and Applications
This work presents a high-level, general-purpose language for describing return-oriented exploits and a compiler that translates it to gadgets, and constructs a Turing-complete set of building blocks called gadgets using the standard C libraries of two very different architectures.