It’s a good thing AMD had the sense not to rub Intel’s nose in the Meltdown/Spectre vulnerability, because it would be getting it right back for this one: Researchers from the Fraunhofer Institute for Applied and Integrated Safety in Germany have published a paper detailing how to compromise a virtual machine encrypted by AMD’s Secure Encrypted Virtualization (SEV).
The news is a bit of a downer for AMD, since it just added Cisco to its list of customers for the EPYC processor. Cisco announced today plans to use EPYC in its density-optimized Cisco UCS C4200 Series Rack Server Chassis and the Cisco UCS C125 M5 Rack Server Node.
The UCS C125 M5 Rack Server Node supports up to two EPYC processors, up to 2TB of memory, two PCIe 3.0 slots, and an optional fourth-generation Cisco UCS VIC for complete programmability. Cisco says that this gives 128% more cores, 50 more servers, and 20 more storage per rack than previous Cisco products. Its target market is anyone needing high-density compute, such as analytics and cloud platforms.
What is SEV?
SEV ships with AMD’s new EPYC server processors. For some years AMD had been uncompetitive in servers, with its Opteron line lagging far behind Intel’s Xeon and holding virtually no market share.
However, thanks to an advanced new core, code-named Zen, AMD has been revitalized and now poses a significant performance threat to Intel on both the desktop and server. The EPYC line, launched last year, comes with up to 32 cores, each capable of two threads per core. The new chips have gotten a lot of attention and support from HPE, Dell and Cray, among other players.
One of the notable features of EPYC, and unique to it, is SEV, which is designed to offer real-time, full memory encryption for virtual machines. It encrypts and decrypts each VM’s memory on the fly while it sits in RAM, locking out the host operating system, the hypervisor and any malware on the computer. Each VM is assigned an address space ID, and each VM gets its own encryption key, which is held inside the CPU.
This is something cloud providers will like, and it’s why Microsoft has signed up as an EPYC customer, because it lets providers assure customers that the memory and the VMs that live on their clouds are completely secured in a multitenant environment, even when moving the VM from one server to another.
Well, apparently it’s not so safe. The research team says the exploit they have found, which they named SEVered (cute), is capable of recovering plaintext memory data from guest VMs running on the same server as the VM that’s under attack.
“By repeatedly sending requests for the same resource to the service while re-mapping the identified memory pages, we extract all the VM’s memory in plaintext,” the researchers said in their paper, which was presented at the 11th European Workshop on Systems Security, held in Porto, Portugal.
The attack works because the VM stores some of its data inside the main RAM memory, and “the page-wise encryption of main memory lacks integrity protection.” This allows an attacker to map out all of the memory and then request parts used by other nearby VMs, which they shouldn’t be able to do.
In tests of their attack, researchers said they were able to retrieve a test server’s entire memory contents, 2GB total, including data from a guest VM.
There is some good news, though. The attacker needs admin rights to modify a server’s hypervisor to carry out a SEVered attack, which should make the attack harder to mount and easier to defend against. However, the researchers consider software-based countermeasures insufficient, because they would incur considerable performance overhead.
“Therefore, a modification of AMD SEV seems inevitable to fully prevent SEVered. The best solution seems to be to provide a full-featured integrity and freshness protection of guest-pages additional to the encryption, as realized in Intel SGX,” they wrote.
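As an added illustration (not from the paper or from AMD), the toy model below shows why page-wise encryption without integrity protection lets a hypervisor-controlled re-mapping of a guest page go unnoticed, and why a tag bound to the guest-physical address, as the researchers recommend, detects it. Everything in it is constructed: the key, the 16-byte page size and the two pages; a SHA-256 keystream and HMAC stand in for the real hardware engine, and freshness (replay of a stale page) is not modelled.

```python
import hashlib
import hmac

PAGE = 16  # constructed toy page size in bytes (real pages are 4 KiB)


def keystream(key: bytes, hpa: int, n: int) -> bytes:
    """Toy keystream tied to the VM key and the host-physical address
    (SEV tweaks ciphertext by physical address). Illustration only."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + hpa.to_bytes(8, "big") + bytes([ctr])).digest()
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedRAM:
    """Host RAM behind a memory-encryption engine. With integrity=True each
    page also carries a MAC bound to the guest-physical address it was
    written for, so a page cannot be presented at a different guest address."""

    def __init__(self, key: bytes, integrity: bool):
        self.key, self.integrity, self.ram = key, integrity, {}

    def _tag(self, gpa: int, ct: bytes) -> bytes:
        return hmac.new(self.key, gpa.to_bytes(8, "big") + ct, "sha256").digest()

    def store(self, hpa: int, gpa: int, plaintext: bytes) -> None:
        ct = xor(plaintext, keystream(self.key, hpa, PAGE))
        self.ram[hpa] = (ct, self._tag(gpa, ct) if self.integrity else b"")

    def load(self, hpa: int, gpa: int) -> bytes:
        ct, tag = self.ram[hpa]
        if self.integrity and not hmac.compare_digest(tag, self._tag(gpa, ct)):
            raise ValueError("integrity check failed: page does not belong at this guest address")
        return xor(ct, keystream(self.key, hpa, PAGE))


def serve_public_page(integrity: bool, remap: bool) -> bytes:
    """Guest keeps a public page at GPA 0 and a secret at GPA 1. The hypervisor
    owns the GPA->HPA table; remap=True points GPA 0 at the secret's host page,
    the re-mapping step the paper describes. Returns what the guest serves."""
    ram = EncryptedRAM(key=b"constructed-vm-key", integrity=integrity)
    nested_pt = {0: 0x1000, 1: 0x2000}               # hypervisor-controlled
    ram.store(nested_pt[0], 0, b"public index.htm")  # 16-byte constructed page
    ram.store(nested_pt[1], 1, b"secret: 1234567x")  # 16-byte constructed page
    if remap:
        nested_pt[0] = nested_pt[1]
    return ram.load(nested_pt[0], 0)                 # guest reads "its" GPA 0
```

Without the tag the guest happily serves the other page’s plaintext; with the tag bound to the guest address the load fails, which is the integrity gap the paper identifies.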
AMD issued this statement:
AMD’s Secure Encrypted Virtualization (SEV) is designed to help protect virtual machines from inadvertent vulnerabilities in typical operating environments. SEV provides what was previously unavailable protection of memory in a virtual environment and is a first step to improving security for virtualization. AMD is currently working with the ecosystem to protect against vulnerabilities that are more difficult to exploit, such as malicious hypervisor attacks like those recently detailed by German researchers.