Monday, May 28th 2018

AMD EPYC Secure Encrypted Virtualization Not So Secure: Researchers

Secure Encrypted Virtualization (SEV) was touted as one of the killer features of AMD EPYC and Ryzen Pro series processors. It involves encryption of parts of the memory of the host machine which house virtual machines (or guests), with encryption keys stored on the processor, so the host has no scope of infiltrating or reading the contents of the guest's memory. This was designed to build trust in cloud-computing and shared hosting industries, so web-present small businesses with sensitive data could have some peace of mind and wouldn't have to spend big on dedicated hosting. A Germany-based IT security research team from Fraunhofer AISEC, thinks otherwise.

Using a technique called "SEVered," the researchers were able to use rogue host-level administrator, or malware within a hypervisor, to bypass SEV and copy decrypted information from the guest machine's memory. The exploit involves alteration of the guest machine's physical memory mappings using standard page tables, so SEV can't properly isolate and encrypt parts of the guest in the physical memory. The exploit is so brazen, that you could pull plaintext information out of compromised guests. The researchers published a paper on SEVered, along with technical details of the exploit.
Source: The Register
Add your own comment

31 Comments on AMD EPYC Secure Encrypted Virtualization Not So Secure: Researchers

#26
BorgOvermind
AssimilatorWhile it's great that we're finally getting real security people looking at CPUs, it's terrifying that the manufacturers themselves never did this due diligence.
They look but they don't tell.

That's how intel and seagate got away with complete spy programs until Kas revealed them.
Posted on Reply
#27
medi01
"Admins can do evil things"
Totally not FUD campaign against AMD, who is thrashing Intel on multicore front.
Posted on Reply
#28
Fx
jango_kThey are REPLACING the host hypervisor with a new one which is specifically allowed to snoop in the memory accesses. And they still need a VM on the same host to be a web server of allow other kind of memory access to the same ram as the target VM. This cannot be done in a datacenter without collusion with IT administrators from the whole chain of command.
Blaming the manufacturer because the product does not behave the same after the user flashes a new bios is unfathomable.
Even CTS Labs would not stoop so low as to report this a vulnerability.
Exactly. I called BS before I even read it. Sure enough, yet another "vulnerability" when someone has direct access to the servers.
Posted on Reply
#29
remixedcat
This "newly discovered vulnerability" is nothing new. People have been circumventing penetrating to the host.

With Parallels virtuozzo containers you can go up the chain of command to infiltrate the host.

More examples here en.wikipedia.org/wiki/Virtual_machine_escape
Posted on Reply
#30
lexluthermiester
Someone correct me if wrong, this is related to the recent CTS thing? Seems along the same lines..
Posted on Reply
#31
Patriot
lexluthermiesterSomeone correct me if wrong, this is related to the recent CTS thing? Seems along the same lines..
It is... But also valid in the same sense as the cts vulnerabilities are. The feature being bypassesed was designed to stop malicious hypervisors, Intel's security researcher managed to find a way around it. And this was published with a degree of separation same as cts.
Posted on Reply
Add your own comment
Dec 22nd, 2024 21:17 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts