Pith. sign in

REVIEW

Secure Encrypted Virtualization is Unsecure

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 1712.05090 v1 pith:H7DDKW3O submitted 2017-12-14 cs.CR

Secure Encrypted Virtualization is Unsecure

classification cs.CR
keywords machinesecureencryptedvirtualvirtualizationattackclouddesign
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

Virtualization has become more important since cloud computing is getting more and more popular than before. There is an increasing demand for security among the cloud customers. AMD plans to provide Secure Encrypted Virtualization (SEV) technology in its latest processor EPYC to protect virtual machines by encrypting its memory but without integrity protection. In this paper, we analyzed the weakness in the SEV design due to lack of integrity protection thus it is not so secure. Using different design flaw in physical address-based tweak algorithm to protect against ciphertext block move attacks, we found a realistic attack against SEV which could obtain the root privilege of an encrypted virtual machine protected by SEV. A demo to simulate the attack against a virtual machine protected by SEV is done in a Ryzen machine which supports Secure Memory Encryption (SME) technology since SEV enabled machine is still not available in market.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.