research-article

Open access

The SEVerESt Of Them All: Inference Attacks Against Secure Virtual Enclaves

Authors:

Jan Werner,

Joshua Mason,

Manos Antonakakis,

Michalis Polychronakis,

Fabian MonroseAuthors Info & Claims

Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Pages 73 - 85

https://doi.org/10.1145/3321705.3329820

Published: 02 July 2019 Publication History

PDF eReader

Abstract

The success of cloud computing has shown that the cost and convenience benefits of outsourcing infrastructure, platform, and software resources outweigh concerns about confidentiality. Still, many businesses and individuals resist moving private data to cloud providers due to intellectual property and privacy reasons. A recent wave of hardware virtualization technologies aims to alleviate these concerns by offering encrypted virtualization features that support data confidentiality of guest virtual machines (e.g., by transparently encrypting memory) even when running on top untrusted hypervisors. We introduce two new attacks that can breach the confidentiality of protected enclaves. First, we show how a cloud adversary can judiciously inspect the general purpose registers to unmask the computation that passes through them. Specifically, we demonstrate a set of attacks that can precisely infer the executed instructions and eventually capture sensitive data given only indirect access to the CPU state as observed via the general purpose registers. Second, we show that even under a more restrictive environment - where access to the general purpose registers is no longer available - we can apply a different inference attack to recover the structure of an unknown, running, application as a stepping stone towards application fingerprinting. We demonstrate the practicality of these inference attacks by showing how an adversary can identify different applications and even distinguish between versions of the same application and the compiler used, recover data transferred over TLS connections within the encrypted guest, retrieve the contents of sensitive data as it is being read from disk by the guest, and inject arbitrary data within the guest. Taken as a whole, these attacks serve as a cautionary tale of what can go wrong when the state of registers (e.g., in AMD's SEV) and application performance data (e.g. in AMD's SEV-ES) are left unprotected. The latter is the first known attack that was designed to specifically target SEV-ES.

References

[1]

{RFC PATCH v1 00/18} x86: Secure memory encryption (AMD). https://www.mail-archive.com/[email protected]/msg02713.html, 2016.

Abstract

References

Cited By

Recommendations

One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization

Insecure Until Proven Updated: Analyzing AMD SEV's Remote Attestation

Inference attacks against trust-based onion routing: Trust degree to the rescue

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations