Researchers Crack Open AMD's Server VM Encryption (theregister.co.uk) 50
Shaun Nichols, reporting for The Register: A group of German researchers have devised a method to thwart the VM security in AMD's server chips. Dubbed SEVered (PDF), the attack would potentially allow an attacker, or malicious admin who had access to the hypervisor, the ability to bypass AMD's Secure Encrypted Virtualization (SEV) protections.
The problem, say Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that SEV, which is designed to isolate VMs from the prying eyes of the hypervisor, doesn't fully isolate and encrypt the VM data within the physical memory itself.
The problem, say Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that SEV, which is designed to isolate VMs from the prying eyes of the hypervisor, doesn't fully isolate and encrypt the VM data within the physical memory itself.
"malicious admin" (Score:4, Insightful)
Re: (Score:3, Interesting)
Hey, Intel paid a lot of shekels for this very valuable research!
Re: (Score:2)
Re:"malicious admin" (Score:4, Insightful)
"I feel like some of these stories are like Bob's Home Security fails to protect you if your wife is a serial killer."
To an extent they are, but if you are using cloud providers, the other tennants, and the monkeys at the cloud provider itself should all be considered potentially hostile.
And even within companies there is this (legitimate) concept that everyone in IT shouldn't hold the keys to payroll, finance, HR, and the R&D trade secretes... so there are lots scenarios where the people administering the systems, the servers, the cloud fabric etc, shouldn't be able to get access to the contents of the virtual machines.
Re: (Score:2, Interesting)
The old adage applies regardless: "He who has physical access, owns the data."
It doesn't matter what it's running. If they have physical access, or local admin access, they own the data. All permissions derive from the admin account that set the system up in the first place. Trying to protect the system from the person who set it up / is responsible for maintaining it, is a fool's errand.
The only reason we are having this discussion, is because everyone is too busy trying to save money by outsourcing the co
Re: (Score:1)
Um, yeah, but you considered them potentially hostile anyway. Nothing has changed. Except that maybe some snakeoil salesperson said that AMD's fancy new whatever would make it so that you could stop doing that, but you knew he was definitely lying, because it's impossible/impractical to hide software from the hardware it's running on.
Re: (Score:3)
The entire point of SEV (and Intel's SGX) is to protect the code against a malicious hypervisor. AMD tries to make a dubious distinction between a 'malicious' hypervisor and a 'compromised' hypervisor. Apparently they believe that if an attacker is able to run arbitrary code in the hypervisor, they are less of a threat than if they installed the same malicious code early on.
That said, this is not news. There was a paper published at VEE a year ago (by the same researchers) showing how broken SEV is. Pa
Re: (Score:2)
This is exactly the reason you don't pay someone for your VM architecture. It's all insecure garbage... and this is igoring the fact that the NSA/BSA is deeply imbedded in evehing you do.. At least support the people that do it for free.
This is really bad advice. Hosted in your basement, or on someone elses data center, it really doesn't matter, you're vulnerable to attacks. All you can ever hope to do is mitigate the effects of any successful attack, and do everything you can to isolate things from each other, so an attacker has limited access and has to start anew to break into another isolated service.
Economically, it doesn't even make dollar sense anymore to host internet servers in your basement. When one calculates the cost of own
Re: (Score:2)
The sheer volume of virtual machines running in a data center with literally 1000's of computers, all running VMs... yeah, unless you're some state intelligence agency, data center is good enough and secure enough.
Sure... Script kiddies and ransomware must not exist in your world.
6 figure plus targets means an automated attack. Do you think a ransomeware group cares if they destroy 999 VMs to get to 1 owner who pays? Manpower per payment is all that matters, and you're describing a huge group of vulnerable targets.
Re: (Score:2)
However when you factor in a 1 Gbit or preferably 10 Gbit connection to said server for ie. having your / of your desktop computers there, the economics turn upside down.
Hopefully that will change in the future.
Re: (Score:2)
If you really care about the security of your system, don't connect it to the net. Even indirectly.
If you "sort of " care about the security of your system, only connect it indirectly. No direct web access. Use message passing of text messages to transfer info. It's not as fast, and it takes a bit more setup, but you can don anything that way that you can the other way.
If you really don't care about security, put your data out on the cloud.
Re: (Score:2)
Yes. I should probably have put an ellipsis in between 'If you "sort of " care about..." and "If you really don't care about ...", because you're right, there are a very large number of intermediate positions. There are also a few intermediate positions between the first two positions. I guess I thought it was sufficiently obvious.
For example, one intermediate position it to use a self-hosted web platform using only the http subset that existed before javascript. Or to host your system on a box that has
Wait a minute... (Score:4, Insightful)
If you have access to the hypervisor you already have full control over the guests even without this "exploit." Why is this considered a big deal exactly?
Re: (Score:1)
Hush you. Intel just got hit with a bunch of new bad bugs, you're ruining the distractive narrative! We're all supposed to look at AMD now.
Re: Wait a minute... (Score:1)
Is Intel vs. AMD part of the Marvel Universe yet? Because I have no problem ignoring all the superhero shit, and tis seems like the same kind of fanboy shit. Marvel! No, DC! No Intel! No no no! AMD!
A bunch of comic book crap.
Re: (Score:2)
The bugs that has hit Intel are generally far worse with more severe implications and bigger impact.
Compare apples and oranges. AMD's SEV is intended as a competitor to SGX. There are some Spectre-related SGX attacks, but these can be fairly easily mitigated in software. In contrast, SEV is completely broken and the breakage is fundamental to the design, not a defect of implementation. Microsoft, Red Hat, and the group of researchers in TFA (and probably others) told AMD this well over a year ago before AMD shipped any SEV-enabled cores. AMD still shipped the feature and advertised it as secure.
Wait a minute...doing it right. (Score:2)
Consider it an incentive to not skimp on hypervisor programming.
The problem, say Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that SEV, which is designed to isolate VMs from the prying eyes of the hypervisor, doesn't fully isolate and encrypt the VM data within the physical memory itself.
I wonder if that's because doing so would incur too much of a performance penalty?
Re: (Score:2)
The article ends with
> "A low-cost efficient solution could be to securely combine the hash of the pageâ(TM)s content with the guest-assigned GPA."
Re: (Score:2)
Because people are stupid.
Re: (Score:2)
Re: Nice try (Score:1)
It's virtuous, heroic and enlightened to pick another brand!
Re: (Score:2)
I'm not sure about "heroic", and I'd have added the adjective "selfish".
Insecure by design (Score:3)
All modern PC's were never designed with the thought in mind: There will be millions of attacks against this to try and break in.
We just didn't think about that when we designed this stuff, which was before the internet really took off. Of course it's all insecure and broken, it wasn't designed to be hardened against the countless ways security researchers are finding into these designs.
When the "forces that be" decide to scrap everything we've created upto now, and start anew, with a security focus right at the starting line, then we'd get some hardware and software platforms that're truly hardened against any attack.
Bandaids over the x86 paradigm? Waste of time. It's never going to be secure, not against everything everytime. It's just not designed to be secure, we didn't think it needed to be. We didn't think there'd be millions of malicious actors in the wild, with our computers all interconnected by the internet, so everything is exposed to everyone. We just didn't think that'd ever happen. It shows.
The hypervisor can see anything (Score:2)
There is not really a way around this and there are numerous ways to bypass any protection mechanism. This is hardly news, except to the clueless that believe the marketing hype.