Can AMD Epyc fail?

AMD’s virtual machine encryption, Evil hypervisors can lift plaintext info out of ciphered memory, it is claimed

Theregister just reported that :

German researchers reckon they have devised a method to thwart the security mechanisms AMD’s Epyc server chips use to automatically encrypt virtual machines in memory.

The problem, said Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that miscreants at the host level can alter a guest’s physical memory mappings, using standard page tables, so that the SEV mechanism fails to properly isolate and scramble parts of the VM in RAM. Here’s the team’s outline of the attack:

With SEVered, we demonstrate that it is nevertheless possible for a malicious HV [hypervisor] to extract all memory of an SEV-encrypted VM [virtual machine] in plaintext. We base SEVered on the observation that the page-wise encryption of main memory lacks integrity protection.

While the VM’s Guest Virtual Address (GVA) to Guest Physical Address (GPA) translation is controlled by the VM itself and opaque to the HV, the HV remains responsible for the Second Level Address Translation (SLAT), meaning that it maintains the VM’s GPA to Host Physical Address (HPA) mapping in main memory. This enables us to change the memory layout of the VM in the HV. We use this capability to trick a service in the VM, such as a web server, into returning arbitrary pages of the VM in plaintext upon the request of a resource from outside.

This is not the first time eggheads have uncovered shortcomings in SEV’s ability to lock down VMs: previous studies have examined how the memory management system can be exploited by hackers to poke inside encrypted guests. Fraunhofer AISEC’s study, emitted on Thursday this week, takes this a step further, demonstrating that, indeed, the entire memory contents of a virtual machine could be pulled by a hypervisor even when SEV is active.

A spokesperson for AMD was not available for comment. The team noted there are a few steps the chipmaker could take, though, to isolate the transition between the host and guest physical address process to mitigate the described attack.

Read the full report on Theregister 

• Author
• Recent Posts

Mohsen Daemi

Editor/ Author at UltraGamerZ

Mohsen Daemi|News author and moderator for news and gaming articles in ultragamerz.com. Mohsen as video games news reporter along everybody in ultragamerz work hard to bring you all the gaming news from direct and trusted sources. Mohsen provides the most recent news and trends of gaming. He has been Working last 6 years on online platforms, medias and online publishing. He was a contributer for fotoup.com and now in popular-photo.com. Mohsen is based in Massachusetts. In ultragamerz we provide the most recent news of technology and gaming.


CONTACTS DETAILS &FOR MORE INFO:
https://www.ultragamerz.com/contact/

Latest posts by Mohsen Daemi (see all)

• Solana Soars: Could a $450+ SOL Ignite a Meme Coin Frenzy? - June 26, 2024
• Rainbow Six Siege – Official Marketplace Trailer - June 25, 2024
• ImagenAI Poised for Takeoff: Can This Ethereum-Based AI Coin Go 20x? - June 25, 2024