SNPeek: Side-Channel Analysis for Privacy Applications on Confidential VMs

TL;DR

SNPeek is an open-source toolkit that detects and analyzes side-channel leaks in confidential VMs, helping developers improve privacy protections with practical, automated tools on real hardware.

Contribution

The paper introduces SNPeek, a systematic, configurable toolkit combining hardware tracing and machine learning to measure and compare side-channel leakage in CVMs.

Findings

Uncovered previously unnoticed leaks, including a covert channel at 497 kbit/s.

SNPeek effectively pinpoints vulnerabilities in CVMs.

Guides low-overhead mitigations like oblivious memory and differential privacy.

Abstract

Confidential virtual machines (CVMs) based on trusted execution environments (TEEs) enable new privacy-preserving solutions. Yet, they leave side-channel leakage outside their threat model, shifting the responsibility of mitigating such attacks to developers. However, mitigations are either not generic or too slow for practical use, and developers currently lack a systematic, efficient way to measure and compare leakage across real-world deployments. In this paper, we present SNPeek, an open-source toolkit that offers configurable side-channel tracing primitives on production AMD SEV-SNP hardware and couples them with statistical and machine-learning-based analysis pipelines for automated leakage estimation. We apply SNPeek to three representative workloads that are deployed on CVMs to enhance user privacy-private information retrieval, private heavy hitters, and Wasm user-defined functions-and uncover previously unnoticed leaks, including a covert channel that exfiltrates data at 497 kbit/s. The results show that SNPeek pinpoints vulnerabilities and guides low-overhead mitigations based on oblivious memory and differential privacy, giving practitioners a practical path to deploy CVMs with meaningful confidentiality guarantees.