SEVerity: Code Injection Attacks against Encrypted Virtual Machines

by Mathias Morbitzer, et al.

Modern enterprises increasingly take advantage of cloud infrastructures. Yet, outsourcing code and data into the cloud requires enterprises to trust cloud providers not to meddle with their data. To reduce the level of trust towards cloud providers, AMD has introduced Secure Encrypted Virtualization (SEV). By encrypting Virtual Machines (VMs), SEV aims to ensure data confidentiality despite a compromised or curious Hypervisor. The SEV Encrypted State (SEV-ES) extension additionally protects the VM's register state from unauthorized access. Yet, neither extension provides integrity of the VM's memory, a gap that has already been abused to leak the protected data or to alter the VM's control flow. In this paper, we introduce the SEVerity attack, a missing puzzle piece in the series of attacks against the AMD SEV family. Specifically, we abuse the system's lack of memory integrity protection to inject and execute arbitrary code within SEV-ES-protected VMs. Contrary to previous code execution attacks against the AMD SEV family, SEVerity relies neither on a specific CPU version nor on any code gadgets inside the VM. Instead, SEVerity abuses the fact that SEV-ES prohibits direct memory access into the encrypted memory: it injects arbitrary code into the encrypted VM through I/O channels and uses the Hypervisor to locate and trigger the execution of the encrypted payload. This allows us to sidestep the protection mechanisms of SEV-ES. Overall, our results demonstrate a success rate of 100% and highlight that memory integrity protection is an obligation when encrypting VMs. Consequently, our work presents the final stroke in a series of attacks against AMD SEV and SEV-ES and renders the present implementation incapable of protecting against a curious, vulnerable, or malicious Hypervisor.


- Secure Encrypted Virtualization is Unsecure: Virtualization has become more important since cloud computing is gettin...
- SEVurity: No Security Without Integrity – Breaking Integrity-Free Memory Encryption with Minimal Assumptions: One reason for not adopting cloud services is the required trust in the ...
- Exploiting Interfaces of Secure Encrypted Virtual Machines: Cloud computing is a convenient model for processing data remotely. Howe...
- Insecure Until Proven Updated: Analyzing AMD SEV's Remote Attestation: Customers of cloud services have to trust the cloud providers, as they c...
- undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation: The ongoing trend of moving data and computation to the cloud is met wit...
- Intel TDX Demystified: A Top-Down Approach: Intel Trust Domain Extensions (TDX) is a new architectural extension in ...
- VIA: Analyzing Device Interfaces of Protected Virtual Machines: Both AMD and Intel have presented technologies for confidential computin...