Projects per year
Abstract
AMD SEV is a trusted-execution environment (TEE), providing confidentiality and integrity for virtual machines (VMs). With AMD SEV, it is possible to securely run VMs on an untrusted hypervisor. While previous attacks demonstrated architectural shortcomings of earlier SEV versions, AMD claims that SEV-SNP prevents all attacks on the integrity.
In this paper, we introduce CacheWarp, a new software-based fault attack on AMD SEV-ES and SEV-SNP, exploiting the possibility to architecturally revert modified cache lines of guest VMs to their previous (stale) state. Unlike previous attacks on the integrity, CacheWarp is not mitigated on the newest SEV-SNP implementation, and it does not rely on specifics of the guest VM. CacheWarp only has to interrupt the VM at an attacker-chosen point to invalidate modified cache lines without them being written back to memory. Consequently, the VM continues with architecturally stale data. In 3 case studies, we demonstrate an attack on RSA in the Intel IPP crypto library, recovering the entire private key, logging into an OpenSSH server without authentication, and escalating privileges to root via the sudo binary. While we implement a software-based mitigation proof-of-concept, we argue that mitigations are difficult, as the root cause is in the hardware.
In this paper, we introduce CacheWarp, a new software-based fault attack on AMD SEV-ES and SEV-SNP, exploiting the possibility to architecturally revert modified cache lines of guest VMs to their previous (stale) state. Unlike previous attacks on the integrity, CacheWarp is not mitigated on the newest SEV-SNP implementation, and it does not rely on specifics of the guest VM. CacheWarp only has to interrupt the VM at an attacker-chosen point to invalidate modified cache lines without them being written back to memory. Consequently, the VM continues with architecturally stale data. In 3 case studies, we demonstrate an attack on RSA in the Intel IPP crypto library, recovering the entire private key, logging into an OpenSSH server without authentication, and escalating privileges to root via the sudo binary. While we implement a software-based mitigation proof-of-concept, we argue that mitigations are difficult, as the root cause is in the hardware.
Original language | English |
---|---|
Title of host publication | Proceedings of the 33nd USENIX Security Symposium |
Publisher | USENIX Association |
Publication status | E-pub ahead of print - 30 Sept 2023 |
Event | 33rd USENIX Security Symposium: USENIX Security 2024 - Philadelphia Marriott Downtown, Philadelphia, United States Duration: 14 Aug 2024 → 16 Aug 2024 https://www.usenix.org/conference/usenixsecurity24 |
Conference
Conference | 33rd USENIX Security Symposium: USENIX Security 2024 |
---|---|
Abbreviated title | USENIX |
Country/Territory | United States |
City | Philadelphia |
Period | 14/08/24 → 16/08/24 |
Internet address |
Fingerprint
Dive into the research topics of 'CacheWarp: Software-based Fault Injection using Selective State Reset'. Together they form a unique fingerprint.Projects
- 1 Active
-
EU - FSSec - Foundations for Sustainable Security
Gruss, D. (Co-Investigator (CoI))
1/03/23 → 29/02/28
Project: Research project