Abstract
Modern cloud environments greatly facilitate efficiency as workloads of multiple tenants run on the same physical system, often grouped by functionality, e.g., function-as-a-service containers, or platform-as-a-service virtual machines. However, the sharing of physical hardware resources across mutually distrusting tenants comes with security implications. Consequently, cloud providers also offer higher security levels with trusted execution environments in the form of confidential virtual machines, e.g., Intel TDX and AMD SEV-SNP. Many works have shown that attackers can exploit microarchitectural side channels in cloud scenarios, including attacks on trusted execution environments. However, the practical relevance of these attacks hinges on the co-location of the attacker with its victim on the same physical machine within the data center. Prior work has presented co-location detection techniques that work inside containers or on regular virtual machines. However, co-location detection techniques for confidential virtual machines, e.g., AMD SEV-SNP, have not been studied yet, as these have to be performed from within AMD SEV-SNP virtual machines to target the same physical host machine.
In this paper, we present the first co-location detection technique working on confidential virtual machine hosts. We exploit the new SecureTSC feature supported on recent AMD processors with SEV-SNP. SecureTSC is intended to provide a trusted timing source to confidential virtual machines that cannot be tampered with by the host. We systematically study the behavior of SecureTSC and show that it can be exploited to detect whether two confidential virtual machines are co-located. We demonstrate our co-location detection in a concrete scenario, where two confidential virtual machines attempt to co-locate with each other. Our attack uses a minimal network protocol, TsCupid, to determine whether any of the connected confidential virtual machines are co-located. We practically evaluate our attacks and show that we can detect co-location within 0.13 seconds in a fully parallelized way, minimizing the cost for an attack. Finally, we show that our attack cannot be mitigated without modifying the SecureTSC feature and propose a concrete design change that would fully prevent our attack.
Original language | English |
---|---|
Title of host publication | Applied Cryptography and Network Security |
Subtitle of host publication | 23rd International Conference, ACNS 2025, Munich, Germany, June 23rd-26th, 2025, Proceedings |
Publisher | Springer |
Publication status | Published - 23 Jun 2025 |
Event | 23rd International Conference on Applied Cryptography and Network Security, Munich, Germany; Duration: 23 Jun 2025 → 26 Jun 2025; http://acns2025.fordaysec.de/ |
Conference
Conference | 23rd International Conference on Applied Cryptography and Network Security |
---|---|
Abbreviated title | ACNS |
Country/Territory | Germany |
City | Munich |
Period | 23/06/25 → 26/06/25 |
Fields of Expertise
- Information, Communication & Computing
Fingerprint
Dive into the research topics of 'Not So Secure TSC'. Together they form a unique fingerprint.
Projects
- 2 Active
- EU - FSSec - Foundations for Sustainable Security
  Gruss, D. (Co-Investigator (CoI))
  1/03/23 → 29/02/28
  Project: Research project
- Special Research Area (SFB) F85 Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design
  Mangard, S. (Co-Investigator (CoI))
  1/01/23 → 31/12/26
  Project: Research project