Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Crack Open AMD's Server VM Encryption (theregister.co.uk)

Posted by msmash on from the security-woes dept.

Shaun Nichols, reporting for The Register: A group of German researchers have devised a method to thwart the VM security in AMD's server chips. Dubbed SEVered (PDF), the attack would potentially allow an attacker, or malicious admin who had access to the hypervisor, the ability to bypass AMD's Secure Encrypted Virtualization (SEV) protections.

The problem, say Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that SEV, which is designed to isolate VMs from the prying eyes of the hypervisor, doesn't fully isolate and encrypt the VM data within the physical memory itself.

7 of 50 comments (clear)

  1. "malicious admin" by Joffy · · Score: 4, Insightful

    I feel like some of these stories are like Bob's Home Security fails to protect you if your wife is a serial killer.

    1. Re:"malicious admin" by Anonymous Coward · · Score: 3, Interesting

      Hey, Intel paid a lot of shekels for this very valuable research!

    2. Re:"malicious admin" by vux984 · · Score: 3, Insightful

      "I feel like some of these stories are like Bob's Home Security fails to protect you if your wife is a serial killer."

      To an extent they are, but if you are using cloud providers, the other tennants, and the monkeys at the cloud provider itself should all be considered potentially hostile.

      And even within companies there is this (legitimate) concept that everyone in IT shouldn't hold the keys to payroll, finance, HR, and the R&D trade secretes... so there are lots scenarios where the people administering the systems, the servers, the cloud fabric etc, shouldn't be able to get access to the contents of the virtual machines.

    3. Re:"malicious admin" by Anonymous Coward · · Score: 2, Interesting

      The old adage applies regardless: "He who has physical access, owns the data."

      It doesn't matter what it's running. If they have physical access, or local admin access, they own the data. All permissions derive from the admin account that set the system up in the first place. Trying to protect the system from the person who set it up / is responsible for maintaining it, is a fool's errand.

      The only reason we are having this discussion, is because everyone is too busy trying to save money by outsourcing the complexities and costs of IT to others while still trying to claim that they are the sole possessors of the data / processes. Nobody cares about the actual security, all they care about is the money. Well guess what? IT is a cost center. It doesn't make you money directly, but it is required to enable you to make money in a modern marketplace. You get from it exactly what you put into it. You don't wanna pay to manage your own IT? Don't expect the admin that's not under your control to abide by your desires. Sure you can have "agreements" and "contracts" with them, but remember this: Contracts and agreements only specify redress. They don't prevent a leak or malicious intent from happening in the first place. If your sole value in something is it's information. Then giving it to others should be the last thing on your mind. Especially if you are a service economy that doesn't produce enough to maintain itself if worse comes to worst and the info is copied without your consent by a competitor.

      TL;DR if you don't trust the person with permission to manage your IT with the data the IT contains, then you need to find someone you do trust to do it. Beyond that, the only assurance you have is the time it will take to copy it.

    4. Re:"malicious admin" by TheRaven64 · · Score: 2

      The entire point of SEV (and Intel's SGX) is to protect the code against a malicious hypervisor. AMD tries to make a dubious distinction between a 'malicious' hypervisor and a 'compromised' hypervisor. Apparently they believe that if an attacker is able to run arbitrary code in the hypervisor, they are less of a threat than if they installed the same malicious code early on.

      That said, this is not news. There was a paper published at VEE a year ago (by the same researchers) showing how broken SEV is. Paolo Bonzini (KVM maintainer at Red Hat, among other things) was on the PC and pointed out that they had sent feedback to AMD prior to their shipping it pointing out that the design was fundamentally flawed. Apparently Microsoft sent similar feedback. AMD shipped it anyway, because they needed something to compete with SGX (which is less broken, but also a lot less general).

      --
      I am TheRaven on Soylent News
  2. Wait a minute... by Narcocide · · Score: 4, Insightful

    If you have access to the hypervisor you already have full control over the guests even without this "exploit." Why is this considered a big deal exactly?

  3. Insecure by design by duke_cheetah2003 · · Score: 2

    All modern PC's were never designed with the thought in mind: There will be millions of attacks against this to try and break in.

    We just didn't think about that when we designed this stuff, which was before the internet really took off. Of course it's all insecure and broken, it wasn't designed to be hardened against the countless ways security researchers are finding into these designs.

    When the "forces that be" decide to scrap everything we've created upto now, and start anew, with a security focus right at the starting line, then we'd get some hardware and software platforms that're truly hardened against any attack.

    Bandaids over the x86 paradigm? Waste of time. It's never going to be secure, not against everything everytime. It's just not designed to be secure, we didn't think it needed to be. We didn't think there'd be millions of malicious actors in the wild, with our computers all interconnected by the internet, so everything is exposed to everyone. We just didn't think that'd ever happen. It shows.