Secure Encrypted Virtualization is Unsecure
Zhao-Hui Du, Zhiwei Ying, Zhenke Ma, Yufei Mai, Phoebe Wang, Jesse Liu, and Jesse Fang

TL;DR
This paper reveals that AMD's Secure Encrypted Virtualization (SEV) technology is vulnerable due to lack of integrity protection, allowing realistic attacks to compromise virtual machine security.
Contribution
The paper identifies a critical weakness in SEV's design and demonstrates a practical attack exploiting this flaw to gain root privileges.
Findings
SEV lacks integrity protection, making it vulnerable.
A practical attack can obtain root privileges in SEV-protected VMs.
The attack was demonstrated on a Ryzen machine supporting SME.
Abstract
Virtualization has become more important as cloud computing becomes more and more popular. There is an increasing demand for security among cloud customers. AMD plans to provide Secure Encrypted Virtualization (SEV) technology in its latest processor, EPYC, to protect virtual machines by encrypting their memory, but without integrity protection. In this paper, we analyzed the weakness in the SEV design due to the lack of integrity protection; thus it is not so secure. Using a different design flaw in the physical address-based tweak algorithm to protect against ciphertext block move attacks, we found a realistic attack against SEV which could obtain the root privilege of an encrypted virtual machine protected by SEV. A demo to simulate the attack against a virtual machine protected by SEV is done on a Ryzen machine which supports Secure Memory Encryption (SME) technology since SEV…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Cloud Data Security Solutions
