research-article

Extracting Secrets from Encrypted Virtual Machines

Authors:

Mathias Morbitzer,

Julian HorschAuthors Info & Claims

CODASPY '19: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy

Pages 221 - 230

https://doi.org/10.1145/3292006.3300022

Published: 13 March 2019 Publication History

Abstract

AMD SEV is a hardware extension for main memory encryption on multi-tenant systems. SEV uses an on-chip coprocessor, the AMD Secure Processor, to transparently encrypt virtual machine memory with individual, ephemeral keys never leaving the coprocessor. The goal is to protect the confidentiality of the tenants' memory from a malicious or compromised hypervisor and from memory attacks, for instance via cold boot or DMA. The SEVered attack has shown that it is nevertheless possible for a hypervisor to extract memory in plaintext from SEV-encrypted virtual machines without access to their encryption keys. However, the encryption impedes traditional virtual machine introspection techniques from locating secrets in memory prior to extraction. This can require the extraction of large amounts of memory to retrieve specific secrets and thus result in a time-consuming, obvious attack. We present an approach that allows a malicious hypervisor quick identification and theft of secrets, such as TLS, SSH or FDE keys, from encrypted virtual machines on current SEV hardware. We first observe activities of a virtual machine from within the hypervisor in order to infer the memory regions most likely to contain the secrets. Then, we systematically extract those memory regions and analyze their contents on-the-fly. This allows for the efficient retrieval of targeted secrets, strongly increasing the chances of a fast, robust and stealthy theft.

References

[1]

Advanced Micro Devices. 2008. Nested Paging . http://developer.amd.com/wordpress/media/2012/10/NPT-WP-1%201-final-TM.pdf .

[2]

Advanced Micro Devices. 2018. Secure Encrypted Virtualization API Version 0.16 . http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf .

[3]

Michael Becher, Maximillian Dornseif, and Christian N Klein. 2005. FireWire: All Your Memory Are Belong To Us . Proceedings of CanSecWest .

[4]

Adam Boileau. 2006. Hit by a bus: Physical access attacks with Firewire . Presentation, Ruxcon .

[5]

Center for Information Technology Policy at Princeton University. 2008. Memory Research Project Source Code . https://citp.princeton.edu/research/memory/code/.

[6]

David Kaplan. 2017. Protecting VM Register State with SEV-ES . White Paper.

[7]

Christophe Devine and Guillaume Vissian. 2009. Compromission physique par le bus PCI . Proceedings of SSTIC .

[8]

Zhao-Hui Du, Zhiwei Ying, Zhenke Ma, Yufei Mai, Phoebe Wang, Jesse Liu, and Jesse Fang. 2017. Secure Encrypted Virtualization is Unsecure .arxiv: cs.CR/1712.05090 https://arxiv.org/abs/1712.05090

[9]

Xiao Guangrong. 2016. {PATCH v3 00/11} KVM: x86: Track Guest Page Access . http://www.mail-archive.com/[email protected]/msg1076006.html .

[10]

J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. 2009. Lest We Remember: Cold-boot Attacks on Encryption Keys . Commun. ACM, Vol. 52, 5 (May 2009), 91--98.

Digital Library

[11]

Felicitas Hetzelt and Robert Buhren. 2017. Security Analysis of Encrypted Virtual Machines . In Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE '17). ACM, New York, NY, USA, 129--142.

Digital Library

[12]

Intel. 2017. Intel Architecture Memory Encryption Technologies Specification . https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf .

[13]

CTS Labs. 2018. Severe Security Advisory on AMD Processors. Technical Report.

[14]

LibVMI Project. 2015. LibVMI Virtual Machine Introspection . http://libvmi.com/.

[15]

Microsoft. 2017. Microsoft Security Bulletin MS17-008 - Critical . https://technet.microsoft.com/en-us/library/security/ms17-008.aspx .

[16]

Mathias Morbitzer, Manuel Huber, Julian Horsch, and Sascha Wessel. 2018. SEVered: Subverting AMD's Virtual Machine Encryption. In Proceedings of the 11th European Workshop on Systems Security (EuroSec'18). ACM, New York, NY, USA, Article 1, bibinfonumpages6 pages.

Digital Library

[17]

Mathias Payer. 2016. AMD SEV Attack Surface: a Tale of too Much Trust . https://nebelwelt.net/blog/20160922-AMD-SEV-attack-surface.html .

[18]

Rekall Forensics. 2018. Rekall . http://www.rekall-forensic.com/.

[19]

The Linux Kernel Organization. 2018. The Definitive KVM (Kernel-based Virtual Machine) API Documentation . https://www.kernel.org/doc/Documentation/virtual/kvm/api.txt .

[20]

The Volatility Foundation. 2018. Open Source Memory Forensics . https://www.volatilityfoundation.org/.

[21]

VMware. 2017. VMSA-2017-0006: VMware ESXi, Workstation and Fusion Updates Address Critical and Moderate Security Issues . https://www.vmware.com/security/advisories/VMSA-2017-0006.html .

[22]

Yuming Wu, Yutao Liu, Ruifeng Liu, Haibo Chen, Binyu Zang, and Haibing Guan. 2018. Comprehensive VM Protection Against Untrusted Hypervisor Through Retrofitted AMD Memory Encryption. In 2018 IEEE International Symposium on High Performance Computer Architecture (HPCA). 441--453.

[23]

Xenproject.org Security Team. 2017. x86: Broken Check in memory_exchange() Permits PV Guest Breakout . https://xenbits.xen.org/xsa/advisory-212.html .

Cited By

Miladinović DMilaković AVukasović MStanisavljević ŽVuletić P(2024)Secure Multiparty Computation Using Secure Virtual MachinesElectronics10.3390/electronics1305099113:5(991)Online publication date: 5-Mar-2024
https://doi.org/10.3390/electronics13050991
Zuppelli MGuarascio MCaviglione LLiguori A(2024)No Country for Leaking Containers: Detecting Exfiltration of Secrets Through AI and SyscallsProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670884(1-8)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670884
Li MYang YChen GYan MZhang YQuek TGao DZhou JCardenas A(2024)SoK: Understanding Design Choices and Pitfalls of Trusted Execution EnvironmentsProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3644993(1600-1616)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3644993
Show More Cited By

Index Terms

Extracting Secrets from Encrypted Virtual Machines
1. Security and privacy
  1. Systems security
    1. Operating systems security
      1. Virtualization and security

Recommendations

SEVered: Subverting AMD's Virtual Machine Encryption
EuroSec'18: Proceedings of the 11th European Workshop on Systems Security

AMD SEV is a hardware feature designed for the secure encryption of virtual machines. SEV aims to protect virtual machine memory not only from other malicious guests and physical attackers, but also from a possibly malicious hypervisor. This relieves ...
Security Analysis of Encrypted Virtual Machines
VEE '17

Cloud computing has become indispensable in today's computer landscape. The flexibility it offers for customers as well as for providers has become a crucial factor for large parts of the computer industry. Virtualization is the key technology that ...
Security Analysis of Encrypted Virtual Machines
VEE '17: Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments

Cloud computing has become indispensable in today's computer landscape. The flexibility it offers for customers as well as for providers has become a crucial factor for large parts of the computer industry. Virtualization is the key technology that ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CODASPY '19: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy

March 2019

373 pages

ISBN:9781450360999

DOI:10.1145/3292006

General Chairs:
Gail-Joon Ahn
Arizona State University, USA
,
Bhavani Thuraisingham
University of Texas at Dallas, USA
,
Program Chairs:
Murat Kantarcioglu
University of Texas at Dallas, USA
,
Ram Krishnan
University of Texas at San Antonio, USA

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 March 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

German Federal Ministry for Economic Affairs and Energy

Conference

CODASPY '19

Sponsor:

SIGSAC

CODASPY '19: Ninth ACM Conference on Data and Application Security and Privacy

March 25 - 27, 2019

Texas, Richardson, USA

Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
308
Total Downloads

Downloads (Last 12 months)42
Downloads (Last 6 weeks)5

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Miladinović DMilaković AVukasović MStanisavljević ŽVuletić P(2024)Secure Multiparty Computation Using Secure Virtual MachinesElectronics10.3390/electronics1305099113:5(991)Online publication date: 5-Mar-2024
https://doi.org/10.3390/electronics13050991
Zuppelli MGuarascio MCaviglione LLiguori A(2024)No Country for Leaking Containers: Detecting Exfiltration of Secrets Through AI and SyscallsProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670884(1-8)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670884
Li MYang YChen GYan MZhang YQuek TGao DZhou JCardenas A(2024)SoK: Understanding Design Choices and Pitfalls of Trusted Execution EnvironmentsProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3644993(1600-1616)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3644993
Schlüter BSridhara SBertschi AShinde S(2024)WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00262(4220-4238)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00262
Li FLi XGao M(2023)Secure MLaaS with Temper: Trusted and Efficient Model Partitioning and Enclave ReuseProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627145(621-635)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627145
Ahmad AOu BLiu CZhang XFonseca PAamodt TSwift MJerger N(2023)Veil: A Protected Services Framework for Confidential Virtual MachinesProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 410.1145/3623278.3624763(378-393)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3623278.3624763
You JLee KMoon HCho YPaek Y(2023)KVSEVProceedings of the 2023 ACM Symposium on Cloud Computing10.1145/3620678.3624658(233-248)Online publication date: 30-Oct-2023
https://dl.acm.org/doi/10.1145/3620678.3624658
Ghaniyoun MBarber KXiao YZhang YTeodorescu RSolihin YHeinrich M(2023)TEESec: Pre-Silicon Vulnerability Discovery for Trusted Execution EnvironmentsProceedings of the 50th Annual International Symposium on Computer Architecture10.1145/3579371.3589070(1-15)Online publication date: 17-Jun-2023
https://dl.acm.org/doi/10.1145/3579371.3589070
Qin HSong ZZhang WHuang SYao WLiu GJia XDu HShehab MFernandez MLi N(2023)Protecting Encrypted Virtual Machines from Nested Page Fault Controlled ChannelProceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy10.1145/3577923.3583659(165-175)Online publication date: 24-Apr-2023
https://dl.acm.org/doi/10.1145/3577923.3583659
Antonino PDerek AWołoszyn W(2023)Flexible Remote Attestation of Pre-SNP SEV VMs Using SGX EnclavesIEEE Access10.1109/ACCESS.2023.330885011(90839-90856)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3308850
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents