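- Introduction: AMD SEV-SNP offers VM-level trusted execution environments (TEEs) to protect the confidentiality and integrity of sensitive cloud workloads against an untrusted hypervisor controlled by the cloud provider. AMD introduced a new exception, #VC, to facilitate communication between the VM and the untrusted hypervisor. We present the WeSee attack, in which the hypervisor injects a malicious #VC into a victim VM's CPU to compromise the security guarantees of AMD SEV-SNP. Specifically, WeSee injects interrupt number 29, which delivers a #VC exception to the VM; the VM then executes the corresponding handler, which copies data and registers between the VM and the hypervisor. WeSee shows that, using well-crafted #VC injections, an attacker can induce arbitrary behavior in the VM. Our case studies show that WeSee can leak sensitive VM information (kTLS keys for NGINX), corrupt kernel data (firewall rules), and inject arbitrary code (launching a root shell from kernel space).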
- Problem addressed: WeSee: A Side-Channel Attack Exploiting the AMD Secure Encrypted Virtualization
- Key idea: The paper proposes a side-channel attack called WeSee that can compromise the security guarantees of AMD SEV-SNP by injecting malicious #VC exceptions into a victim VM's CPU.
- Other highlights: WeSee can leak sensitive VM information, corrupt kernel data, and inject arbitrary code. The paper presents case studies demonstrating the effectiveness of the attack. The attack is performed using well-crafted #VC injections. The paper also discusses possible countermeasures.
- Related work includes research on side-channel attacks, virtualization security, and AMD SEV-SNP specifically. Some relevant papers include 'The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications' and 'Virtualization Security: A Survey of Threats and Countermeasures'.