AMD's Secure Encrypted Virtualization (SEV) technology, which comes alongside EPYC trouble of processors, is a hardware characteristic that encrypts the retentiveness of each VM inwards a agency that solely the invitee itself tin access the data, protecting it from other VMs/containers together with fifty-fifty from an untrusted hypervisor.
Discovered past times researchers from the Fraunhofer Institute for Applied together with Integrated Security inwards Munich, the page-fault side channel attack, dubbed SEVered, takes payoff of lack inwards the integrity protection of the page-wise encryption of the original memory, allowing a malicious hypervisor to extract the sum content of the original retentiveness inwards plaintext from SEV-encrypted VMs.
Here's the outline of the SEVered attack, every bit briefed inwards the paper:
"While the VM’s Guest Virtual Address (GVA) to Guest Physical Address (GPA) translation is controlled past times the VM itself together with opaque to the HV, the HV remains responsible for the Second Level Address Translation (SLAT), pregnant that it maintains the VM’s GPA to Host Physical Address (HPA) mapping inwards original memory.
"This enables us to alter the retentiveness layout of the VM inwards the HV. We piece of employment this capability to line a fast 1 on a service inwards the VM, such every bit a spider web server, into returning arbitrary pages of the VM inwards plaintext upon the asking of a resources from outside."
"We kickoff position the encrypted pages inwards retentiveness corresponding to the resource, which the service returns every bit a answer to a specific request. By repeatedly sending requests for the same resources to the service piece re-mapping the identified retentiveness pages, nosotros extract all the VM's retentiveness inwards plaintext."During their tests, the squad was able to extract a exam server's entire 2GB retentiveness data, which too included information from about other invitee VM.
In their experimental setup, the researchers used a alongside the Linux-based arrangement powered past times an AMD Epyc 7251 processor alongside SEV enabled, running spider web services—the Apache together with Nginx spider web servers—as good every bit an SSH server, OpenSSH spider web server inwards split upwards VMs.
As malicious HV, the researchers used the system's Kernel-based Virtual Machine (KVM) together with modified it to notice when software inside a invitee accessed physical RAM.
While Apache together with Nginx spider web servers the extraction of retentiveness information was high (at a speed of 79.4 KB/sec), OpenSSH had a higher answer fourth dimension which reduced the extraction speed to solely 41.6 KB/sec.
"Our evaluation shows that SEVered is viable inwards practise together with that it tin travel used to extract the entire retentiveness from an SEV-protected VM inside a reasonable time," the researchers said. "The results specifically present that critical aspects, such every bit dissonance during the identification together with the resources stickiness are managed good past times SEVered."The researchers too recommended a few steps AMD could get got to isolate the transition procedure betwixt the host together with Guest Physical Address (GPA) to mitigate the SEVered attack.
The best solution is to render "a full-featured integrity together with freshness protection of guest-pages additional to the encryption, every bit realized inwards Intel SGX. However, this probable comes alongside a high silicon terms to protect sum VMs compared to SGX enclaves."However, securely combine the hash of the page’s content alongside the guest-assigned GPA could travel a low-cost, efficient solution, which ensures "pages cannot easily travel swapped past times changing the GPA to HPA mapping."
The query was carried out past times 4 Fraunhofer AISEC researchers—Mathias Morbitzer, Manuel Huber, Julian Horsch together with Sascha Wessel—which has been published inwards their newspaper [PDF] titled, "SEVered: Subverting AMD’s Virtual Machine Encryption."
