TLB Poisoning Attacks on AMD Secure Encrypted Virtualization

Mengyuan Li, Yinqian Zhang, Huibo Wang, Kang Li, Yueqiang Cheng
Annual Computer Security Applications Conference, published 2021-12-06
DOI: https://doi.org/10.1145/3485832.3485876
Citations: 11

Abstract

AMD’s Secure Encrypted Virtualization (SEV) is an emerging technology of AMD server processors, which provides transparent memory encryption and key management for virtual machines (VM) without trusting the underlying hypervisor. Like Intel Software Guard Extension (SGX), SEV forms a foundation for confidential computing on untrusted machines; unlike SGX, SEV supports full VM encryption and thus makes porting applications straightforward. To date, many mainstream cloud service providers, including Microsoft Azure and Google Cloud, have already adopted (or are planning to adopt) SEV for confidential cloud services. In this paper, we provide the first exploration of the security issues of TLB management on SEV processors and demonstrate a novel class of TLB Poisoning attacks against SEV VMs. We first demystify how SEV extends the TLB implementation atop AMD Virtualization (AMD-V) and show that the TLB management is no longer secure under SEV’s threat model, which allows the hypervisor to poison TLB entries between two processes of a SEV VM. We then present TLB Poisoning Attacks, a class of attacks that break the integrity and confidentiality of the SEV VM by poisoning its TLB entries. Two variants of TLB Poisoning Attacks are described in the paper; and two end-to-end attacks are performed successfully on both AMD SEV and SEV-ES.