Listing by author "Wilke, Luca"
Security analysis of confidential VMs on modern server architectures (2025-06-24) Wilke, Luca

Cloud computing has transformed data management and IT practices for organizations and individuals alike, offering unmatched scalability, flexibility, and cost-efficiency. However, it comes with privacy concerns, as the cloud service provider can access all processed data. Trusted Execution Environments (TEEs) are one potential solution, offering a new form of isolation that locks out even the infrastructure operator. Attacks from any software component outside the TEE are thwarted by novel access restrictions, while physical attacks are prevented by memory encryption. Not even the operating system or the hypervisor can overcome these restrictions. With Intel SGX, Intel TDX, and AMD SEV-SNP, both major x86 CPU vendors offer TEEs on their server CPUs. This thesis scrutinizes the extent to which the current TEE generation delivers on its security promises. We start by describing the isolation mechanisms implemented by SGX, TDX, and SEV-SNP. Building on these insights, we demonstrate that the trend towards deterministic memory encryption without integrity or freshness has several shortcomings. We show that monitoring deterministic ciphertexts for changes leaks information about the plaintext, which we exploit on SEV-SNP. SGX and TDX prevent straightforward exploitation by preventing software attackers from reading and writing the ciphertext, whereas SEV-SNP only prevents writing. Next, we challenge the security of such access restrictions by showing that an attacker with brief physical access to the memory modules can create aliases in the address space that bypass these safeguards. We exploit this on SEV-SNP to re-enable write access for software attackers, culminating in a devastating attack that forges attestation reports and undermines all trust in SEV-SNP. On SGX and TDX, such attacks are mitigated by a dedicated alias check at boot time.
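The following is an added model, not code from the thesis, of the two consequences of deterministic, integrity-less memory encryption described above: a host that can only read ciphertext still learns when a block returns to a previously seen plaintext (the SEV-SNP ciphertext side channel), and a host that regains ciphertext write access (the aliasing path on SEV-SNP) can roll a block back by replaying an old ciphertext. It assumes a hash-based Feistel network as a stand-in for the hardware's AES-XEX-style block cipher (only determinism matters here, not cipher strength), an 8-byte physical-address tweak, and a hypothetical `fresh=True` mode that mixes a per-block write counter into the tweak to show what freshness would change; a real freshness scheme would additionally need counter storage and integrity protection. The key and the victim's secret bits are constructed test values.

```python
"""Added model of deterministic memory encryption and the attacks it enables.

Hash-based Feistel cipher standing in for an AES-XEX-style memory encryption
engine; tweak = physical address (as on real hardware). fresh=True is a
hypothetical variant that also mixes a per-block write counter into the tweak.
The host's ciphertext write models the write path regained via DIMM aliasing.
Key and secret are constructed test values.
"""
import hashlib
from typing import Dict, List

BLOCK = 16   # memory-encryption block size in bytes
ROUNDS = 4

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, tweak: bytes, i: int, half: bytes) -> bytes:
    # Keyed, tweak-dependent round function, truncated to one half-block.
    return hashlib.sha256(key + tweak + bytes([i]) + half).digest()[:BLOCK // 2]

def encrypt_block(key: bytes, tweak: bytes, pt: bytes) -> bytes:
    assert len(pt) == BLOCK
    l, r = pt[:8], pt[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round(key, tweak, i, r))
    return l + r

def decrypt_block(key: bytes, tweak: bytes, ct: bytes) -> bytes:
    assert len(ct) == BLOCK
    l, r = ct[:8], ct[8:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round(key, tweak, i, l)), l
    return l + r

class EncryptedMemory:
    """Guest memory as seen from both sides of the encryption engine."""
    def __init__(self, key: bytes, fresh: bool = False):
        self.key, self.fresh = key, fresh
        self.cipher: Dict[int, bytes] = {}   # physical address -> ciphertext
        self.version: Dict[int, int] = {}    # per-block write counter (fresh mode only)

    def _tweak(self, addr: int) -> bytes:
        t = addr.to_bytes(8, "big")
        if self.fresh:                        # freshness: tweak changes on every write
            t += self.version.get(addr, 0).to_bytes(8, "big")
        return t

    # Guest (TEE) side: plaintext in, plaintext out.
    def guest_write(self, addr: int, pt: bytes) -> None:
        if self.fresh:
            self.version[addr] = self.version.get(addr, 0) + 1
        self.cipher[addr] = encrypt_block(self.key, self._tweak(addr), pt)

    def guest_read(self, addr: int) -> bytes:
        return decrypt_block(self.key, self._tweak(addr), self.cipher[addr])

    # Host (hypervisor) side: ciphertext only.
    def host_read_ciphertext(self, addr: int) -> bytes:
        return self.cipher[addr]             # allowed on SEV-SNP, blocked on SGX/TDX

    def host_write_ciphertext(self, addr: int, ct: bytes) -> None:
        self.cipher[addr] = ct               # blocked by SEV-SNP; regained via aliasing

def encode(bit: int) -> bytes:
    return bytes([bit]) + bytes(BLOCK - 1)

def ciphertext_side_channel(mem: EncryptedMemory, addr: int, secret_bits: List[int]) -> List[int]:
    """Dictionary attack: the victim stores a secret-dependent value to a fixed
    address; the host recovers each bit by comparing against a known ciphertext."""
    mem.guest_write(addr, encode(0))           # victim initialises the slot to 0
    ct_zero = mem.host_read_ciphertext(addr)   # host records the ciphertext of 0
    recovered = []
    for bit in secret_bits:
        mem.guest_write(addr, encode(bit))     # secret-dependent store
        recovered.append(0 if mem.host_read_ciphertext(addr) == ct_zero else 1)
    return recovered

def rollback_attack(mem: EncryptedMemory, addr: int) -> bool:
    """Replay: without freshness, an old ciphertext decrypts to the old value."""
    mem.guest_write(addr, encode(0))           # e.g. a "not yet verified" flag
    stale = mem.host_read_ciphertext(addr)
    mem.guest_write(addr, encode(1))           # guest sets the flag
    mem.host_write_ciphertext(addr, stale)     # host replays the old ciphertext
    return mem.guest_read(addr) == encode(0)   # True: the guest sees the rollback

KEY = bytes(range(16))                    # constructed test key
SECRET_BITS = [1, 0, 1, 1, 0, 0, 1, 0]    # constructed victim secret

def demo() -> dict:
    return {
        "leak_deterministic": ciphertext_side_channel(EncryptedMemory(KEY), 0x1000, SECRET_BITS),
        "leak_fresh": ciphertext_side_channel(EncryptedMemory(KEY, fresh=True), 0x1000, SECRET_BITS),
        "rollback_deterministic": rollback_attack(EncryptedMemory(KEY), 0x2000),
        "rollback_fresh": rollback_attack(EncryptedMemory(KEY, fresh=True), 0x2000),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In deterministic mode the host recovers the secret bit by bit from ciphertext equality alone, and the replayed ciphertext decrypts to the stale flag value; with a per-write counter in the tweak, every store produces a new ciphertext, so the comparison attack yields nothing and the replayed block decrypts to garbage rather than the old value. The model also makes the access-restriction difference concrete: `ciphertext_side_channel` needs only `host_read_ciphertext` (available on SEV-SNP), while `rollback_attack` additionally needs `host_write_ciphertext`, which is what the aliasing attack restores.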
Finally, we examine the security of VM-based TEEs against single-stepping attacks, which allow instruction-granular tracing and have led to numerous high-stakes attacks on SGX. We show that SEV-SNP is also vulnerable to single-stepping and provide a software framework that gives future research easy access to single-stepping on SEV. Next, we analyze the single-stepping security of Intel TDX, which ships with a built-in mitigation comprising a detection heuristic and a prevention mode. We uncover a flaw in the heuristic that keeps the prevention mode from ever being activated, thereby re-enabling single-stepping on TDX. Furthermore, we unveil an inherent flaw in the prevention mode itself that leaks fine-grained information about the control flow.