In October, AMD officially published documentation on the virtual-machine protection built into the Zen processor architecture. Cloud services, as you might guess, do a great deal of work on behalf of remote clients and therefore become a natural target for malicious actions. AMD has decided to lead the way by protecting data at the level of the processor and its cache. Thus, the server version of Zen will include built-in Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) blocks. Documentation explaining how these blocks work is already publicly available.
Interestingly, based on the available data, two German security specialists found three potential vulnerabilities in the AMD Secure Encrypted Virtualization mechanism. Despite these issues, they regard SEV technology as promising, though not without problems. Looking ahead, we note that AMD responded to the reported shortcomings by pointing out that Zen-generation products are not yet on the market, so one cannot yet speak of a vulnerability.
Before we talk about the vulnerabilities, recall that SEV encrypts data with 128-bit AES keys, using a separate key for each virtual machine. Data is decrypted when it is loaded into the processor cache and encrypted again when it is written back out. Encryption and decryption apply both to memory and to applications. This is intended to protect against attacks from a potentially compromised hypervisor.
On paper it looks good, but the experts presented three scenarios in which SEV protection may not work. First, SEV does not encrypt the virtual machine control blocks, which remain under the hypervisor's control, so a hypervisor can bypass SEV. Second, the values of the general-purpose registers are not encrypted on Zen, which can lead to leakage of critical data. Third, the memory management method used, nested page tables, allows a compromised hypervisor to control the virtual machine's memory mapping and mount so-called memory replay attacks. Once again I emphasize that all three scenarios exist only on paper, but what prevents someone from implementing them?
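The third scenario turns on a property of any encryption-only memory scheme: an older ciphertext of a page is still a valid ciphertext, so a hypervisor that controls which physical page is mapped in can hand the guest stale data and the guest cannot tell. The model below is an added example, not AMD's SEV design or code; it uses HMAC-SHA256 in counter mode as a stand-in for per-VM AES (the standard library has no AES) and a constructed key and page number. It shows the silent replay against confidentiality-only encryption and then the same replay being rejected when each page is bound to a write version and carries an authentication tag.

```python
import hashlib
import hmac

# Hypothetical model, not AMD's SEV implementation: guest pages are encrypted under a
# per-VM key, while the untrusted hypervisor decides which ciphertext gets mapped in.
PAGE = 0x1000  # constructed guest page number for the demo

def _ctx(page: int, version: int) -> bytes:
    return page.to_bytes(8, "big") + version.to_bytes(8, "big")

def _keystream(key: bytes, page: int, version: int, n: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for AES-CTR keyed per VM.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, _ctx(page, version) + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt_page(key: bytes, page: int, plaintext: bytes, version: int = 0):
    """Version 0 models confidentiality only; a higher version binds the page to a write
    counter, and the tag lets the guest reject a copy made under an earlier version."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, page, version, len(plaintext))))
    tag = hmac.new(key, _ctx(page, version) + ct, hashlib.sha256).digest()
    return ct, tag

def decrypt_page(key: bytes, page: int, ct: bytes, tag: bytes = b"", version: int = 0, check: bool = False):
    if check:
        expect = hmac.new(key, _ctx(page, version) + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, tag):
            raise ValueError("stale or tampered page")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, page, version, len(ct))))

def replay_scenario():
    """Returns (what an encryption-only guest silently reads back after the hypervisor
    restores an old ciphertext, whether the versioned scheme detected the same replay)."""
    vm_key = b"\x11" * 32  # constructed per-VM key, not a real SEV key
    # Confidentiality only: the old ciphertext is still a valid encryption of the page.
    old_ct, _ = encrypt_page(vm_key, PAGE, b"balance=100")
    encrypt_page(vm_key, PAGE, b"balance=000")            # the guest's newer write
    silent = decrypt_page(vm_key, PAGE, old_ct)           # hypervisor mapped old_ct back in
    # Versioned and authenticated: the guest expects version 2, the replayed copy is version 1.
    old_ct, old_tag = encrypt_page(vm_key, PAGE, b"balance=100", version=1)
    encrypt_page(vm_key, PAGE, b"balance=000", version=2)
    try:
        decrypt_page(vm_key, PAGE, old_ct, old_tag, version=2, check=True)
        detected = False
    except ValueError:
        detected = True
    return silent, detected
```

The versioned variant only detects the replay; where the version counters themselves live, and how they survive a page being swapped out, is exactly the integrity problem the page says SEV leaves to the hypervisor.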