Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

SEVurity: No security without integrity: Ng integrity-free memory encryption with minimal assumptions

: Wilke, L.; Wichelmann, J.; Morbitzer, M.; Eisenbarth, T.


Ciocarlie, G. ; Institute of Electrical and Electronics Engineers -IEEE-:
41st IEEE Symposium on Security and Privacy, SP 2020 : San Francisco, California, USA, 18-21 May 2020 : proceedings
Piscataway, NJ: IEEE, 2020
ISBN: 978-1-72813-497-0
ISBN: 978-1-72813-498-7
Symposium on Security and Privacy (SP) <41, 2020, Online>
Fraunhofer AISEC ()

One reason for not adopting cloud services is the required trust in the cloud provider: As they control the hypervisor, any data processed in the system is accessible to them. Full memory encryption for Virtual Machines (VM) protects against curious cloud providers as well as otherwise compromised hypervisors. AMD Secure Encrypted Virtualization (SEV) is the most prevalent hardware-based full memory encryption for VMs. Its newest extension, SEV-ES, also protects the entire VM state during context switches, aiming to ensure that the host neither learns anything about the data that is processed inside the VM, nor is able to modify its execution state. Several previous works have analyzed the security of SEV and have shown that, by controlling I/O, it is possible to exfiltrate data or even gain control over the VM's execution. In this work, we introduce two new methods that allow us to inject arbitrary code into SEV-ES secured virtual machines. Due to the lack of proper in tegrity protection, it is sufficient to reuse existing ciphertext to build a high-speed encryption oracle. As a result, our attack no longer depends on control over the I/O, which is needed by prior attacks. As I/O manipulation is highly detectable, our attacks are stealthier. In addition, we reverse-engineer the previously unknown, improved Xor-Encrypt-Xor (XEX) based encryption mode, that AMD is using on updated processors, and show, for the first time, how it can be overcome by our new attacks.