Skip to Main Content
 

Global Search Box

 
 
 
 

Files

File List


My_dissertation-2.pdf (2.01 MB)

ETD Abstract Container

Abstract Header

Understanding and Exploiting Design Flaws of AMD Secure Encrypted Virtualization

Li, Mengyuan
http://rave.ohiolink.edu/etdc/view?acc_num=osu1658413600898645

Abstract Details

2022, Doctor of Philosophy, Ohio State University, Computer Science and Engineering.
Trusted Execution Environment (TEE) is a blooming direction in the cloud industry. Aiming at protecting cloud user's data in runtime, TEE can enable a lot of new and foreseeable cloud use cases. While enclave-based TEEs such as Intel SGX suffer from a large effort of rewriting existing code, VM-based TEEs such as Intel Trust Domain Extension (TDX) and AMD Secure Encrypted Virtualization (SEV) attract more and more people's attention. Among those VM-based TEEs, AMD SEV is a security extension for the AMD Virtualization (AMD-V) architecture, which is AMD’s ambitious movement towards confidential cloud computing. SEV allows one physical server to efficiently run multiple guest virtual machines (VM) concurrently on encrypted memory with the goal of protecting the security of guest VMs even in the presence of a malicious hypervisor. SEV is also believed to be the first and the only commercial VM-based TEE that has already been adopted in Google Cloud and Microsoft Azure at the time of writing. However, the strong assumption of SEV causes uncertainty in its security guarantee. The lack of a systematic security study in this new assumption makes some unexploited vulnerabilities possible. Thus, it is very urgent to fully study SEV's design and help the community better understand SEV. In this dissertation, we systematically study the structure of AMD SEV's design, including angles from both hardware and software. By comprehensively exploring SEV's different components, we reveal how SEV's hardware and software work together to provide a trusted execution environment, and we also explore several unexploited vulnerabilities in SEV. Here, we briefly outline five categories of vulnerable designs in SEV and the corresponding security attacks. In Chapter 3, we exploit the unprotected I/O operations of SEV-enabled VMs and show that the malicious hypervisor can breach the confidentiality and the integrity of guest VMs with the help of these I/O operations. In Chapter 4, we explore the improper Address Space Identifier (ASID)-based memory isolation and access control. We show that the untrusted hypervisor has control over the VM's ASID without necessary hardware limits. We exploit this design and propose a series of attacks called CROSSLINE attacks. We show that this vulnerable design can be used to decrypt VM's encrypted memory or to momentarily execute arbitrary instructions of the victim VM. In Chapter 5, we provide the first exploration of TLB management in SEV. We first demystify how SEV extends the TLB implementation and show that the TLB management is no longer secure under SEV's threat model, which allows the hypervisor to poison TLB entries between two processes of a SEV VM. We then present TLB Poisoning Attacks, a class of attacks that break the integrity and confidentiality of the SEV VM by poisoning its TLB entries. In Chapter 6, we explore the context switch between the guest VM and the host. We show that during context switch, encrypting the virtual CPU's register stored in the VM Save Area is not enough, which allows the privileged adversary to infer the guest VM's execution states or recover certain plaintext. To demonstrate the severity of the vulnerability, we present the CIPHERLEAKS attack, which exploits the ciphertext side channel to steal private keys from the constant-time implementation of RSA and ECDSA in the latest OpenSSL library. In Chapter 7, we perform a comprehensive study of the ciphertext side channels that widely exist in almost all VM-based TEEs. Our work suggests that the deterministic encryption adopted by almost all commercial VM-based TEEs may potentially leak key-related secrets in most up-to-date mainstream cryptography libraries. The proposed generic ciphertext side-channel attack may exploit the ciphertext leakage from any memory page, including those pages used for kernel data structures, stacks, and heaps. This dissertation shows that the strong assumption of SEV indeed causes some unexploited vulnerabilities. We have reported our findings to the AMD SEV team and have received very positive feedback (several CVEs, two microcode patches, two cryptography library patches, three official security bulletins and an official white paper for software mitigation). We believe that our work can not only help improve the security of AMD SEV but also help the entire TEE community to build and develop more secure products for all cloud customers.
Yinqian Zhang (Advisor)
Radu Teodorescu (Advisor)
Feng Qin (Committee Member)
Zhiqiang Lin (Committee Member)
203 p.
Computer Science
Cloud Computing, TEE, Hardware Security, Side-channel attacks

Recommended Citations

Citations

  • Li, M. (2022). Understanding and Exploiting Design Flaws of AMD Secure Encrypted Virtualization [Doctoral dissertation, Ohio State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=osu1658413600898645

    APA Style (7th edition)

  • Li, Mengyuan. Understanding and Exploiting Design Flaws of AMD Secure Encrypted Virtualization . 2022. Ohio State University, Doctoral dissertation. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=osu1658413600898645.

    MLA Style (8th edition)

  • Li, Mengyuan. "Understanding and Exploiting Design Flaws of AMD Secure Encrypted Virtualization ." Doctoral dissertation, Ohio State University, 2022. http://rave.ohiolink.edu/etdc/view?acc_num=osu1658413600898645

    Chicago Manual of Style (17th edition)

osu1658413600898645
1,682
© 2022, all rights reserved.
This open access ETD is published by The Ohio State University and OhioLINK.