AMD Zen logo

The security protocol that governs how virtual machines share data on a host system powered by AMD Zen processors has been found to be insecure, at least in theory, by Felicitas Hetzelt and Robert Buhren, two scientists at the Security in Telecommunications Department at the Technical University of Berlin, Germany.

All CPUs built today are designed to work in cloud environments. Because cloud computing implies setting up virtual machines on the same host station, modern-day processors must be able to share resources between different "guests."

Security researchers analyze AMD's SEV technology

The software that controls which user can access what amount of resources on a host machine is called a hypervisor.

Unfortunately, not all hypervisors are securely designed, and as such, CPU makers like Intel and AMD have deployed their own technologies at the processor level to ensure malicious or compromised hypervisor clients don't allow clients to jump their resource space.

Intel's technology is called Software Guard Extensions (SGX), while AMD's system is Secure Encrypted Virtualization (SEV).

AMD SEV hasn't been audited until now

The way Intel's SGX and AMD's SEV work is completely different. SGX creates a secure space where the CPU executes code that the hypervisor or the operating system can't alter.

On the other hand, SEV works by encrypting parts of the virtual machine's memory, so the hypervisor can't inspect the data.

The advantage of SEV over SGX is that developers don't have to modify existing software. The disadvantage is that SEV has never been shipped until now, and hence, has never been examined by the security and research community. On the other hand, SGX has been audited numerous times.

Researchers find "theoretical" flaws in AMD SEV documentation

AMD, who plans to ship SEV with its upcoming line of Zen processors, has published the technical documentation for the SEV technology this past April.

The two German researchers have analyzed the design of SEV, using this public documentation, and said they managed to identify three attack channels.

In a technical paper released over the past weekend, the researchers described their attacks:

  • We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory.
  • We describe how to completely disable any SEV memory protection configured by the tenant.
  • We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor.

"We would like to emphasize that we did not break AMD SEV itself but rather evaluated the design  issues  present in the documentation," the researchers wanted to point out.

"Although we discovered serious design issues of AMD’s SEV, we still think that the technology is promising considering the mitigations discussed in this paper," researchers added.

AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.