As more computing heads to the clouds, security researchers are questioning the security of virtual machine control panels called hypervisors. One of the first hardware-based solutions to address these concerns will be deployed by chip manufacturer AMD, called Secure Encrypted Virtualization. The feature is part of its upcoming x86 AMD Zen server family of microprocessors, slated to be released in the second quarter of 2017.
But two German researchers are calling into question the security afforded by SEV, which is a processor extension that encrypts (using AES) guest memory in order to prevent a potentially malicious hypervisor from accessing guest data on virtual machines.
“We found that the currently proposed version of SEV is not up to the task owing to three design shortcomings,” according to Felicitas Hetzelt and Robert Buhren of the Technical University of Berlin who recently co-authored a technical review of the technology.
Because the AMD Zen chips are not yet available, researchers based their conclusions on publicly available documentation of the feature provided by AMD (PDF). In their analysis, researchers stressed that they cannot say for sure how attacks might apply to SEV on a real system.
AMD, in a short statement to Threatpost regarding the research study, said: “There are no AMD products in market with SEV, so it’s important to understand there is no existing vulnerability.”
Researchers say similar security approaches exist to protect data from malicious hypervisors, such as HyperWall and HyperCoffer. AMD hopes to bring that protection to the chip level and at the same time gain an edge over arch rival Intel, which does not yet have a similar hardware-based solution.
However, in their academic paper, Hetzelt and Buhren challenge AMD’s security assumptions that the SEV feature can thwart a malicious hypervisor controlled by a hacker from attacking virtual machines. The researchers were able to create three successful proof-of-concept attacks against SEV. They maintain that the SEV security measure can be fully circumvented under three scenarios.
“First, as with standard (AMD virtualization), under SEV, the virtual machine control block is not encrypted and handled directly by the hypervisor, allowing him to bypass VM memory encryption by executing conveniently chosen gadgets. Secondly, the general purpose registers are not encrypted upon vmexit, leaking potentially sensitive data. Finally, the control of the nested pagetables allows a malicious hypervisor to closely control the execution of a VM and attack it with memory replay attacks.”
Researchers explain that a system that can ensure the confidentiality of encryption keys in a virtual machine independently of whether the hypervisor has been compromised or not has a great potential to become widely used. Hence, the reports attention to a yet-to-be released AMD product.
“Although we discovered serious design issues of AMD’s SEV, we still think that the technology is promising considering the mitigations discussed in this paper,” Hetzelt and Buhren wrote.
This story was updated at 5:30 p.m. ET 12/8 to reflect the use of Advanced Encryption Standard (AES) as the specification used to protect guest memory within AMD’s Secure Encrypted Virtualization feature.
