New vulnerability in SEV technology affects cloud computing

Embargoed until: November 14, 2023, 7:00 p.m.

With “CacheWarp”, researchers from CISPA and Graz University of Technology have discovered a new software-based attack on the security technology “Secure Encrypted Virtualization” (SEV) from the processor manufacturer AMD. SEV encrypts virtual machines and is intended to protect the data of cloud-service customers. Until recently, CacheWarp made it possible to bypass the latest versions of the feature, SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging). In theory, this could give an attacker comprehensive read and write access to data stored in cloud services. AMD says it has closed the gap with an update.

CISPA researcher Ruiyi Zhang from the research group of CISPA Faculty Dr. Michael Schwarz designed CacheWarp, a software-based fault attack that compromises data security on cloud services. CacheWarp targets the hypervisor, which acts as the host for virtual machines. “The basis of cloud services is so-called virtualization,” explains Zhang. With virtualization, multiple virtual machines are created within one physical computer. Each has its own RAM, CPU and operating system. The hypervisor isolates the operating systems from one another and manages the distribution of resources such as memory and computing power.

CacheWarp: Cache on time travel

The AMD SEV security technology is intended to ensure that the hypervisor and the virtual machines are isolated from each other. The memory of each virtual machine is encrypted with a separate key. This is meant to make comprehensive data access across virtual machines, or through an untrustworthy hypervisor, impossible. With CacheWarp, this security mechanism can be circumvented. The attack works by rolling back data changes held in the cache, so that the system sees an outdated state. This lets attackers make the system behave as if a user authentication had succeeded, and thereby gain access to the virtual machine.
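To make the “outdated state” idea concrete, here is an added teaching model that is not code from the CacheWarp paper, from CISPA, or from AMD. It simulates a write-back cache whose pending (dirty) changes can be discarded before they reach memory, and a constructed login sequence whose result variable defaults to the success value and is only overwritten on failure. The names (`WriteBackCache`, `login_flow`, `login_result`) and the convention that 0 means “authentication succeeded” are assumptions made for this illustration; the model shows why a security decision that depends on a recently written value becomes unreliable once cached changes can be rolled back.

```python
"""Constructed model: a write-back cache whose dirty lines can be dropped,
so memory keeps the older value and a later read sees stale state.
Added example for illustration; not the researchers' or AMD's code."""

from dataclasses import dataclass, field

AUTH_OK = 0        # assumed convention: 0 means "authentication succeeded"
AUTH_FAILED = -1   # assumed convention: non-zero means failure


@dataclass
class WriteBackCache:
    """Memory plus a write-back cache.

    Writes land in the cache and are marked dirty; they reach memory only on
    write-back. discard_dirty() models a rollback: dirty lines are dropped
    without being written back, so memory retains the previous value.
    """
    memory: dict = field(default_factory=dict)
    lines: dict = field(default_factory=dict)
    dirty: set = field(default_factory=set)

    def write(self, addr: str, value: int) -> None:
        # The new value lives only in the cache until write-back.
        self.lines[addr] = value
        self.dirty.add(addr)

    def read(self, addr: str) -> int:
        # Cache hit returns the cached value; a miss fetches from memory.
        if addr not in self.lines:
            self.lines[addr] = self.memory[addr]
        return self.lines[addr]

    def write_back(self) -> None:
        # Normal path: dirty lines become visible in memory.
        for addr in self.dirty:
            self.memory[addr] = self.lines[addr]
        self.dirty.clear()

    def discard_dirty(self) -> None:
        # Rollback: pending changes vanish; the next read sees stale memory.
        for addr in self.dirty:
            del self.lines[addr]
        self.dirty.clear()


def login_flow(cache: WriteBackCache, password_ok: bool, rollback: bool) -> bool:
    """Constructed login sequence (hypothetical, for illustration only).

    The result variable starts out as AUTH_OK and is set to AUTH_FAILED when
    the password check fails. If the failure is still only in the cache when
    a rollback happens, the check at the end reads the stale success value.
    """
    cache.write("login_result", AUTH_OK)   # default written before the check
    cache.write_back()                      # the default reaches memory
    if not password_ok:
        cache.write("login_result", AUTH_FAILED)  # failure recorded in cache only
    if rollback:
        cache.discard_dirty()               # stale state: the failure is lost
    return cache.read("login_result") == AUTH_OK


if __name__ == "__main__":
    print("correct password, no rollback:", login_flow(WriteBackCache(), True, False))
    print("wrong password, no rollback:  ", login_flow(WriteBackCache(), False, False))
    print("wrong password, rollback:     ", login_flow(WriteBackCache(), False, True))
```

The third case is the one the text describes: the failed check was recorded, but only in cached state, and after the rollback the system acts as if authentication had succeeded. The model deliberately says nothing about how the rollback is triggered on real hardware; its point is that the correctness of the final check depends on the written failure value actually having become durable.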

Hypervisor repeatedly presents an attack surface

To prevent attacks from the hypervisor, AMD developed the first generation of Secure Encrypted Virtualization (SEV). “Several security gaps quickly became known. Additionally, encryption in SEV-ES and SEV was initially used without integrity verification. This allowed data to be manipulated. And not all parts of the memory were encrypted,” explains Michael Schwarz. As an expert in CPU vulnerabilities, Schwarz was involved in the discovery of several such weaknesses, including Spectre, Meltdown and ZombieLoad. AMD responded to the problems and further developed SEV into the features SEV-ES and, most recently, SEV-SNP, which have now also proven vulnerable to CacheWarp.

AMD has fixed security vulnerability

“To our knowledge, CacheWarp is the only software-based attack that can be used to defeat SEV-SNP in this way,” explains Zhang. Provided they have access to a cloud provider’s server room, the researchers can use the code written for CacheWarp to access the virtual machines and to view and change data. They have not only described the attack techniques scientifically, but also proposed a compiler-based solution to mitigate the attack. Since the discovery of CacheWarp, they have also been in contact with AMD. AMD has since announced that it has closed the security gap with an update.

The research team led by CISPA Faculty Dr. Michael Schwarz has created its own website with information about CacheWarp (cachewarpattack.com). The scientific paper, entitled “CacheWarp: Software-Based Fault Injection Using Selective State Reset”, is available there and has also been accepted at the “USENIX Security” conference 2024. The authors are: Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Michael Schwarz (all CISPA Helmholtz Center for Information Security), Andreas Kogler (TU Graz) and Youheng Lü (independent).

Sebastian Klöckner | Corporate Communications
CISPA Helmholtz-Zentrum für Informationssicherheit
Stuhlsatzenhaus 5, 66123 Saarbrücken, Deutschland
w  www.cispa.de