TY - GEN
T1 - The SEVerESt of them all
T2 - 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019
AU - Werner, Jan
AU - Mason, Joshua
AU - Antonakakis, Manos
AU - Polychronakis, Michalis
AU - Monrose, Fabian
N1 - Publisher Copyright:
© 2019 Copyright held by the owner/author(s).
PY - 2019/7/2
Y1 - 2019/7/2
N2 - The success of cloud computing has shown that the cost and convenience benefits of outsourcing infrastructure, platform, and software resources outweigh concerns about confidentiality. Still, many businesses resist moving private data to cloud providers due to intellectual property and privacy reasons. A recent wave of hardware virtualization technologies aims to alleviate these concerns by offering encrypted virtualization features that support data confidentiality of guest virtual machines (e.g., by transparently encrypting memory) even when running on top untrusted hypervisors. We introduce two new attacks that can breach the confidentiality of protected enclaves. First, we show how a cloud adversary can judiciously inspect the general purpose registers to unmask the computation that passes through them. Specifically,we demonstrate a set of attacks that can precisely infer the executed instructions and eventually capture sensitive data given only indirect access to the CPU state as observed via the general purpose registers. Second, we show that even under a more restrictive environment - where access to the general purpose registers is no longer available - we can apply a different inference attack to recover the structure of an unknown, running, application as a stepping stone towards application fingerprinting.We demonstrate the practicality of these inference attacks by showing how an adversary can identify different applications and even distinguish between versions of the same application and the compiler used, recover data transferred over TLS connections within the encrypted guest, retrieve the contents of sensitive data as it is being read from disk by the guest, and inject arbitrary data within the guest. Taken as a whole, these attacks serve as a cautionary tale of what can go wrong when the state of registers (e.g., in AMD's SEV) and application performance data (e.g., in AMD's SEV-ES) are left unprotected. The latter is the first known attack that was designed to specifically target SEV-ES.
AB - The success of cloud computing has shown that the cost and convenience benefits of outsourcing infrastructure, platform, and software resources outweigh concerns about confidentiality. Still, many businesses resist moving private data to cloud providers due to intellectual property and privacy reasons. A recent wave of hardware virtualization technologies aims to alleviate these concerns by offering encrypted virtualization features that support data confidentiality of guest virtual machines (e.g., by transparently encrypting memory) even when running on top untrusted hypervisors. We introduce two new attacks that can breach the confidentiality of protected enclaves. First, we show how a cloud adversary can judiciously inspect the general purpose registers to unmask the computation that passes through them. Specifically,we demonstrate a set of attacks that can precisely infer the executed instructions and eventually capture sensitive data given only indirect access to the CPU state as observed via the general purpose registers. Second, we show that even under a more restrictive environment - where access to the general purpose registers is no longer available - we can apply a different inference attack to recover the structure of an unknown, running, application as a stepping stone towards application fingerprinting.We demonstrate the practicality of these inference attacks by showing how an adversary can identify different applications and even distinguish between versions of the same application and the compiler used, recover data transferred over TLS connections within the encrypted guest, retrieve the contents of sensitive data as it is being read from disk by the guest, and inject arbitrary data within the guest. Taken as a whole, these attacks serve as a cautionary tale of what can go wrong when the state of registers (e.g., in AMD's SEV) and application performance data (e.g., in AMD's SEV-ES) are left unprotected. The latter is the first known attack that was designed to specifically target SEV-ES.
UR - https://www.scopus.com/pages/publications/85069975325
U2 - 10.1145/3321705.3329820
DO - 10.1145/3321705.3329820
M3 - Conference contribution
AN - SCOPUS:85069975325
T3 - AsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
SP - 73
EP - 85
BT - AsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
Y2 - 9 July 2019 through 12 July 2019
ER -