Update (29/05/18): Last week, a German-based IT security firm Fraunhofer AISEC uncovered a flaw in AMD’s EPYC server chip, completely bypassing its SEV security protocol. AMD has since issued a statement to reassure its users that it’s on the case.
“AMD’s Secure Encrypted Virtualization (SEV) is designed to help protect virtual machines from inadvertent vulnerabilities in typical operating environments. SEV provides what was previously unavailable protection of memory in a virtual environment and is a first step to improving security for virtualization,” explains the company.
“AMD is currently working with the ecosystem to protect against vulnerabilities that are more difficult to exploit, such as malicious hypervisor attacks like those recently detailed by German researchers.”
No time frame has been provided by the company as to when a fix might arrive, but enlisting the help of the experts that discovered it is sure to hasten the process.
Original Story (28/05/18): Secure Encrypted Virtualization (SEV) has acted as the pride and joy of AMD’s EPYC server chips since their debut, however, it turns out that this protocol might not offer the best security after all. German researchers claim to have cracked the measure, potentially putting the data-centre processors and AMD’s Ryzen Pro line at risk.
SEV decrypts and encrypts virtual machines utilising RAM, ensuring that the host operating system and malware on the host computer cannot interfere with the virtual machines or guests. Each individual virtual machine is assigned a cryptographic key, which is stored on the processor, enabling data to be ciphered and deciphered between memory and CPU cores for added protection.
Germany-based IT security research team Fraunhofer AISEC has since claimed to have found a way around this, publishing its research on how to take down Secure Encrypted Virtualization. Dubbed “SEVered”, the exploit allows attackers to bypass SEV completely in order to copy the decrypted data from the guest’s virtual memory.
“With SEVered, we demonstrate that it is nevertheless possible for a malicious HV [hypervisor] to extract all memory of an SEV-encrypted VM [virtual machine] in plaintext,” touts Fraunhofer AISEC. “We base SEVered on the observation that the page-wise encryption of main memory lacks integrity protection.”
Although SEV’s memory management has been exploited by hackers previously, Fraunhofer AISEC’s study seems to take this one step further by showcasing the ability to pull the entire memory contents of a virtual machine even when the security measure is active.
The details go quite in depth and can be found within the researchers’ paper, however the team is keen to emphasise that “SEVered is feasible in practice and that it can be used to extract the entire memory from a SEV-protected VM within reasonable time. The results specifically show that critical aspects, such as noise during the identification and the resource stickiness are managed well by SEVered.”
For now, Fraunhofer AISEC suggests that the best solution is “to provide a full-featured integrity and freshness protection of guest-pages additional to the encryption, as realized in Intel SGX. However, this likely comes with a high silicon cost to protect full VMs compared to SGX enclaves. A low-cost efficient solution could be to securely combine the hash of the page’s content with the guest-assigned GPA.”
KitGuru Says: It seems like there’s no sure fire way to protect against the new exploit, provided Fraunhofer AISEC’s claims hold as much weight as they seem to. Still, it seems that every processor has a shortcoming these days, so this is, unfortunately, to be expected.