Vulnerability found in hardware from AMD and Intel Researchers find leak in confidential computing technology
Providers on the topic
Security researchers at ETH Zurich have found a vulnerability in the technology that AMD and Intel use to protect cloud servers. The technology is intended to protect sensitive data, which of course makes the gap particularly serious.
Security researchers at ETH Zurich have discovered a gap in the confidential computing technology from AMD and Intel found. The technology is intended to protect sensitive data in the cloud. However, attackers can read the data through a gap.
This is how the attacks work
The gap arises from the interaction of the hypervisor software and the interrupt mechanism used in the cloud infrastructure for process control. The researchers discovered that specially crafted interrupts can give an attacker access to data processed in a so-called Trusted Execution Environment (TEE), even if it is isolated. Two specific types of attacks were examined: the “Heckler attack,” which was successful on AMD and Intel systems, and the “WeSee” attack, which exclusively affects AMD hardware and is enabled by a special communication mechanism between the TEE and the hypervisor.
These discoveries are part of a broader research project to develop a tap-proof smartphone that will enable independent app execution and increased data protection. The research highlights the need to continually improve cloud security measures and strengthen isolation and protection of sensitive data in cloud environments.
The results of this research highlight the need to continually review and improve even the seemingly robust security measures in cloud environments, particularly with regard to the isolation and protection of data during its processing.
(ID:50004894)
As of October 30, 2020
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our data protection declaration.
Consent to the use of data for advertising purposes
I agree that Vogel IT-Medien GmbH, Max-Josef-Metzger-Straße 21, 86157 Augsburg, including all companies affiliated with it within the meaning of Sections 15 ff. AktG (hereinafter: Vogel Communications Group), my E -Email address used to send editorial newsletters. Lists of the associated companies can be found here be retrieved.
The newsletter content covers products and services from all of the companies mentioned above, including, for example, specialist magazines and specialist books, events and trade fairs as well as event-related products and services, print and digital media offers and services such as other (editorial) newsletters, competitions, lead campaigns, Market research in the online and offline areas, subject-specific web portals and e-learning offers. If my personal telephone number has also been collected, it may be used to make offers for the aforementioned products and services from the aforementioned companies and for market research.
If I access protected content on the Internet on portals of the Vogel Communications Group, including its affiliated companies within the meaning of Sections 15 ff. AktG, I must register with additional data to access this content. In return for this free access to editorial content, my data may be used for the purposes stated here in accordance with this consent.
Right to withdraw
I am aware that I can revoke this consent at any time in the future. My revocation will not affect the lawfulness of the processing carried out based on my consent up to the time of revocation. In order to declare my revocation, I can do this under https://support.vogel.de Use the available contact form. If I no longer wish to receive individual newsletters that I have subscribed to, I can also click on the unsubscribe link included at the end of a newsletter. Further information about my right of withdrawal and its exercise as well as the consequences of my withdrawal can be found in the data protection declaration, section Editorial newsletters.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkPrivacy policy