
Remote attestation of SEV-SNP confidential VMs using e-vTPMs (2303.16463v2)

Published 29 Mar 2023 in cs.CR and cs.OS

Abstract: Trying to address the security challenges of a cloud-centric software deployment paradigm, silicon and cloud vendors are introducing confidential computing, an umbrella term aimed at providing hardware and software mechanisms for protecting cloud workloads from the cloud provider and its software stack. Today, Intel SGX, AMD SEV, Intel TDX, etc., provide a way to shield cloud applications from the cloud provider through encryption of the application's memory below the hardware boundary of the CPU, hence requiring trust only in the CPU vendor. Unfortunately, existing hardware mechanisms do not automatically enable the guarantee that a protected system was not tampered with during configuration and boot time. Such a guarantee relies on a hardware root of trust (RoT), i.e., an integrity-protected location that can store measurements in a trustworthy manner, extend them, and authenticate the measurement logs to the user. In this work, we design and implement a virtual TPM that virtualizes the hardware RoT without requiring trust in the cloud provider. To ensure the security of a vTPM in a provider-controlled environment, we leverage unique isolation properties of the SEV-SNP hardware that allow us to execute secure services as part of the enclave environment, protected from the cloud provider. We further develop a novel approach to vTPM state management where the vTPM state is not preserved across reboots. Specifically, we develop a stateless ephemeral vTPM that supports remote attestation without any persistent state on the host. This allows us to pair each confidential VM with a private instance of a vTPM completely isolated from the provider-controlled environment and other VMs. We built our prototype entirely on open-source components. Though our work is AMD-specific, a similar approach could be used to build remote attestation protocols on other trusted execution environments.
