Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Point Out 'Theoretical' Security Flaws In AMD's Upcoming Zen CPU (bleepingcomputer.com)

Posted by BeauHD on from the buyer-beware dept.

An anonymous reader writes from a report via BleepingComputer: The security protocol that governs how virtual machines share data on a host system powered by AMD Zen processors has been found to be insecure, at least in theory, according to two German researchers. The technology, called Secure Encrypted Virtualization (SEV), is designed to encrypt parts of the memory shared by different virtual machines on cloud servers. AMD, who plans to ship SEV with its upcoming line of Zen processors, has published the technical documentation for the SEV technology this past April. The German researchers have analyzed the design of SEV, using this public documentation, and said they managed to identify three attack channels, which work, at least in theory.

[In a technical paper released over the past weekend, the researchers described their attacks:] "We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor." AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.

35 of 57 comments (clear)

  1. Re:Question by 110010001000 · · Score: 1

    This is software (microcode) vulnerabilities, not hardware. I don't know why this attack would matter, it needs a malicious hypervisor. I only read the summary, because it really doesn't matter. The cloud isn't secure anyway.

  2. Malicious Hypervisor by mhkohne · · Score: 4, Insightful

    I only read the abstract, but once you use the words 'malicious hypervisor', I figure it's game over. I know that AMD is touting this SEV as a solution, but there's no way you are going to convince me that the thing that controls the nature of my VM's reality isn't capable of getting and controlling everything that VM has.

    --
    A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
    1. Re:Malicious Hypervisor by Anonymous Coward · · Score: 1

      I accept that I'm not going to convince you, but it's true. One of the points of intel SGX is that all pages of memory are encrypted, on the die, by the using keys that only a single enclave (e.g. VM) has access to. These keys are setup by an external channel using negotiation keys that private to the manufacturer of the hardware. You can sign a package and ship it off to a CPU, knowing that nobody but the cpu itself can see what's in it -- even probe on the memory bus. You dont' have to trust your hypervisor or your system admin. You just have to trust your cpu fab facility, which you do already. While it is theoretically possible to pull these keys off the CPU, you can't do so without being noticed.

    2. Re:Malicious Hypervisor by haruchai · · Score: 3

      "We would like to emphasize that we did not break AMD
      SEV itself but rather evaluated the design issues present
      in the documentation in respect to their usefulness for a
      malicious or compromised hypervisor"

      I'd say there's a very slim chance of this happening.
      Intel's SGX certainly *sounds* more secure but require changes to source code which could get very, very expensive so unlikely to be implemented in most cases for existing setups.

      --
      Pain is merely failure leaving the body
    3. Re:Malicious Hypervisor by donour · · Score: 1

      No. The VM does not have the key. The hardware has the key and only that core can run it. Practically, someone can take the die apart, xray it, and get the key. At that point they have access to the code that was was on that cpu -- maybe -- but you can avoid total loss by distributing across a large number of cores. The intel implementation was broken, but the idea is pretty sound. Seriously, read the papers.

    4. Re:Malicious Hypervisor by Carewolf · · Score: 2

      One of the points of intel SGX is that all pages of memory are encrypted

      As far I understand the SGX scheme, only special memory accessed by special SGX instructions are encrypted. SEV is very different, it encrypts everything and doesn't need special new instructions, but can protect legacy code, which SGX can not.

    5. Re:Malicious Hypervisor by ooloorie · · Score: 1

      I know that AMD is touting this SEV as a solution, but there's no way you are going to convince me that the thing that controls the nature of my VM's reality isn't capable of getting and controlling everything that VM has.

      There are plenty of processors that run in adversarial environments; a common example is the chip card on your credit card. There is no conceptual problem with scaling that up to high performance servers.

      Neither AMD nor Intel are going to get this right on the first or second try, but eventually, they will. It won't be entirely secure because there are still hardware attacks possible, but for 99.9% of applications, where you simply don't want personal info to leak, it's a good solution.

  3. All current Intel chips have vulnerabilities etc by Anonymous Coward · · Score: 2, Funny

    This is simply paid Intel FUD against their only competitor in the x86 space. All Intel chips have ring 0 and higher vulnerabilities- which is why Windows and Linux machines can be 'pwned' so easily in competitions that offer rewards to hackers who can breach fully patched x86 machines. All of Intel's so-called unhackable private memory space hardware functions have been shown to be utterly useless against informed attacks.

    And worse, Intel (and AMD) have NSA and GCHQ back-doors in their CPUs that operate above ring 0 using chip internal resources that no external security program can lock-down. And what the NSA knows, Israel government agents know. And what Israel knows, criminal tribe members in the Ukraine and other East European crime cesspits know.

    No 'magic' hardware in any of your CPUs is going to make your computer safe from hacking. Saying otherwise is simple markeding puffery from Intel and AMD. But saying that AMD is 'broken' without reporting the fact that so is Intel- thanks to the NSA- is simple pro-Intel advertising.

  4. So how long did they know? by future+assassin · · Score: 1

    and are now just releasing this just before the release of the chips?

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  5. Non story by wbr1 · · Score: 4, Insightful

    1. Needs a malicious hypervisor. If you trust your critical data/systems on a VM that us under a hypervisor you do not control, well you deserve what is coming to you. This is no different than someone having physical access to your hardware, all bets are off.

    2. Regular consumers are not going to care about this or have to worry about it.

    If the price/performance of this family pans out as promised, it will get foothold in the server market and HPC market. Both will find ways to secure against this -or own their own metal-. Plus there are plenty of uses that run bare metal.

    Are we sure this wasn't an Intel funded FUD study?

    --
    Silence is a state of mime.
    1. Re:Non story by BlueCoder · · Score: 1

      Thanks. Wanted to make sure I understood... "malicious hypervisor"....

      I had no idea anyone was trying to create a hypervisor that didn't have transparent access to it's guests. It's impressive that they tried. But there are lots of new experimental features in each generation of CPU's that won't necessarily follow in the next design. I doubt they though it would be secure on the first try. We don't have that security now so there is no loss. And even if it does happen in the future it will be 20 years before I even consider trusting it. And even then I would need expert testimony of someone that had reverse engineered the chip under a microscope to ensure there are no back doors.

    2. Re:Non story by gravewax · · Score: 1

      Everyone has been trying to create secured guests where you can limit what a malicious admin can do. Microsoft has Shielded VM's, VMWare has its various vShield technologies etc etc.

    3. Re:Non story by Carewolf · · Score: 1

      Thanks. Wanted to make sure I understood... "malicious hypervisor"....

      I had no idea anyone was trying to create a hypervisor that didn't have transparent access to it's guests. It's impressive that they tried. But there are lots of new experimental features in each generation of CPU's that won't necessarily follow in the next design. I doubt they though it would be secure on the first try. We don't have that security now so there is no loss. And even if it does happen in the future it will be 20 years before I even consider trusting it. And even then I would need expert testimony of someone that had reverse engineered the chip under a microscope to ensure there are no back doors.

      Well, they have been trying for a while. And it is not just the hypervisor the protecting against, it is "malicious users". One of the key application of these technologies is DRM, so users can't access protected content.

    4. Re:Non story by segedunum · · Score: 1

      If the price/performance of this family pans out as promised, it will get foothold in the server market and HPC market. Both will find ways to secure against this -or own their own metal-. Plus there are plenty of uses that run bare metal.

      It's difficult to know what to make of this, but as soon as I started reading it it was like they were stirring for something. The Intel Managament Engine on the other hand, no one has the faintest idea what that thing is doing ;-).

      If Zen is somewhere in the ballpark of what Intel have, and more importantly gives them an architecture they can build on over the next few years which they just haven't had, then they are going to sell a lot of these. The chips and boards will inevitably be a lot cheaper than Intel's.

  6. Not the point by mike.mondy · · Score: 1

    We show how a malicious hypervisor can force the guest...

    So, having access to the physical hardware means game over? Gee, what a surprise. Preventing one VM from accessing or affecting another is useful. Offhand, I can't imagine much of a need to preventing a hypervisor from accessing the VMs that it controls...

    1. Re:Not the point by Kjella · · Score: 1

      So, having access to the physical hardware means game over? Gee, what a surprise. Preventing one VM from accessing or affecting another is useful. Offhand, I can't imagine much of a need to preventing a hypervisor from accessing the VMs that it controls...

      Isn't that quite obvious? It's like renting a security deposit box but you don't want a glass box the bank can look inside. If it was just static data you'd encrypt it then send it over. It's lot harder for a running program, but I guess they're trying anyway that they just run it, but you sit on the keys to decrypt what it's really doing.

      --
      Live today, because you never know what tomorrow brings
    2. Re:Not the point by Luthair · · Score: 1

      I imagine the idea is that another VM manages to exploit a flaw in the hypervisor gaining control.

    3. Re:Not the point by Szeraax · · Score: 1

      What if the DHS hacks your Hypervisor? Maybe people will pay a premium to have a more protected VM IaaS setup.

    4. Re:Not the point by gweihir · · Score: 1

      The need is pretty clear: Processing of data that needs to be secure against the cloud-provider. That this is very likely infeasible is however quite clear as well. In the worst case, a malicious hypervisor could just run on entirely different hardware and simulate all the protection features that are supposedly preventing it from full access to the VMs, thereby getting that access. The best this technology could ever hope to achieve is to make it somewhat harder for the cloud provider to look at a full, decrypted VM state.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Not the point by gweihir · · Score: 1

      Then it is game over. And this is not a surprise at all. Virtualization _decreases_ security, by offering more attack surface.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Not the point by mike.mondy · · Score: 1

      The need is pretty clear: Processing of data that needs to be secure against the cloud-provider. That this is very likely infeasible [...] a malicious hypervisor could just run on entirely different hardware and simulate all the protection features [ ... ]

      Right - there's a need for secure remote computing.

      But, remote security in general is a different topic than discussing VMs on hostile hypervisors. If you don't trust the people who control the hypervisor, any discussion of vectors of access to the VMs is academic. Because there *will* be ways - both software and hardware (for example, dual ported memory and ICE).

      So, the TFA seems to be fluff and FUD in attacking the lack of a pointless feature.

      Any solutions for secure remote computing probably need to involve a hosting setup where you have full control over the hardware, not a VM on hardware controlled by the site.

    7. Re:Not the point by gweihir · · Score: 1

      Actually, an attacker would only need to replace the hypervisor as I described and reboot the VMs. Job done. Sure, that is a lot of work, but once somebody writes that emulator, a short while later it will be out there for any criminal (whether private or government-employed) to use.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re:Not the point by gweihir · · Score: 1

      Yes, and more. For secure remote computing, you must be the only one to be able to access the hardware. The best you can get today is a locked rack in a data-center. That is also the only thing that gives you some level of trust. The cloud is not and will not be secure against the cloud-provider or anybody that hacks the cloud-provider. It also seems unlike that this will be solved on a technology-level anytime in the next few decades.

      As a matter of fact, this topic and the need for it is very, very old. When I studied for my Master's in CS (some 25 years back), it was already a hot topic. At that time it was trusted chip-cards offloading computations to untrusted servers and the like, but the base-problem is the same. There have been no convincing approaches on how to do it in > 30 years of research. The only thing we have now is Fully Homomorphic Encryption, but that has major functionality and performance limitations. You cannot even begin to use it to create an untrusted application to work on trusted data, you can just delegate some specific computations.

      For the next few decades, if you do not fully control the hardware and software, you are not secure. And it is actually getting worse, not better, with backdoors and bugs in hardware, software and firmware.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  7. Doesn't need to be: by Anonymous Coward · · Score: 1

    By the very nature of AMD, Intel, and ARM's current generation of processors, all of them expect you to trust the CPU and/or management engine not to be malicious, even while they're adding network capable backdoors and RTOSes with above supervisor level access to the memoryspace. Given that, the keys can be presumed compromisable and since they are symmetric only require a single leak to make the VM just as insecure as if it was cleartext running under a compromised hypervisor.

    Much like the Oracle 'memory coloring' it is just another layer of security theatre which doesn't solve the inherent issues of non-conformant processors allow attacks via undocumented 'features'. Fix the cpu errata, then the management engines, and THEN consider adding questionable features to 'enhance security of the vms'. Until those other two exploit channels are fixed, this is just another bypassable feature providing 'corporate grade security' while providing no 'real world' practicality.

  8. Re:Question by KiloByte · · Score: 3, Insightful

    Wouldn't one of the attacks simply be: $5 wrench attack against a microcode engineer?

    (If you thought hacking an entire datacenter or hacking an entire operating system was bad.... Try hacking ALL INTEL or ALL AMD cpus..... pretty crazy.)

    You mean, something like Intel IME? Already there, in your CPU. I'm for one using an old AMD (Phenom 2) but I see no upgrade path at the moment. AMD's version of the backdoor is less vicious (no path from the network card) but not nice either.

    There's no outright proof of Intel CPUs being backdoored, but they made a number of very weird design choices that make absolutely no sense when the purpose is anything but hiding a backdoor. So let's think who gets the keys.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  9. tl;dr by Megane · · Score: 2

    This new CPU has a security feature with a theoretical security flaw that at its worst will only make things as bad as they already are right now.

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  10. Malicious Hypervisor???? by gweihir · · Score: 1

    Seriously? Here is news for all that do not get how virtualization works: If the hypervisor is malicious, you are screwed. It just has far too much control, and it needs it. So this is basically a non-issue.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. I just hope the thing competes, somewhere by AbRASiON · · Score: 1

    I have an Intel Quad Core, non HT CPU in both my PCs - one a 4590 other a 4690, I think. They run ok, pretty well, DDR3 - but they are still not 'snappy' enough for some operations.

    I want things blisteringly fast and I want Windows to NEVER slow down.
    I don't care what it takes, I don't know enough about tech, I just want it. Do I need a faster south or northbridge? Do I need more IO? Do I need the OS re-written to have a DEDICATED CPU at all times for 'basic usability' ?

    Apple (generally) has the UI as the highest priority no matter what and trickery to make their devices responsive, even when they aren't. I want this in Windows, somehow.
    I want to do some intensive CPU stuff over here, run a VM there, Firefox with 2000 tabs here and if it's in the god damned foreground, have it be damned responsive.

    I've got 24GB, my next machine will be 32GB of DDR4, I don't knwo how many cores or what chipset I need, just deliver it.

    Also, sidenote, my AMD Microserver running FreeNAS has been great, but man I'd love an ECC DDR4, 4 core compatible machine which can run in low power mode AND ramp up to high intensity at a reasonable price.

  12. So.... by segedunum · · Score: 1

    Has anyone looked at Intel's Management System yet......? ;-)

    1. Re:So.... by Highdude702 · · Score: 1

      Ofcourse but it doesn't bash AMD so.. you know. its not important.

  13. Re:Question by ooloorie · · Score: 1

    it needs a [1] malicious hypervisor. [2] I only read the summary, because it really doesn't matter. [3] The cloud isn't secure anyway.

    Secure encrypted memory is supposed to address [3] by preventing [1] from being effective.

    And your problem is [2]: you don't read and you don't think.

  14. Re:All current Intel chips have vulnerabilities et by ooloorie · · Score: 1

    And worse, Intel (and AMD) have NSA and GCHQ back-doors in their CPUs that operate above ring 0 using chip internal resources that no external security program can lock-down.

    Fortunately, there are other choices. If you want a really secure processor, use a soft processor on an FPGA. Many embedded chips probably also fairly secure since there isn't much space to hide anything fancy.

  15. Chip not shipping yet? by RockDoctor · · Score: 1

    AMD, who plans to ship SEV with its upcoming line of Zen processors

    So, since no one sensible ever used V0 of anything (with the possible exception of V0 of "broken egg" for making omelettes), then by the time the appropriate die-level or firmware level fixes are incorporated into V1 chips, this should be a non-problem? Am I right?

    --
    Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  16. Re:Question by EndlessNameless · · Score: 1

    You think you can defend against a malicious hypervisor?

    Wow, I have a bridge to sell you...

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  17. Re:Question by ooloorie · · Score: 1

    You think you can defend against a malicious hypervisor?

    With current hardware, no. With future hardware, yes. The problem is not much different from SIM cards or credit card chips: secure hardware running in a hostile environment.