Abstract
AMD SEV is a processor extension that has been introduced to provide cloud customers with integrity and confidentiality guarantees in a shared hosting environment. Encryption, combined with access restrictions, ensures that a cloud provider cannot access or modify customer data. For this purpose, SEV and its extensions ES and SNP enable a variety of new features to limit the capabilities of a potentially malicious hypervisor. In this thesis, we demonstrate that some processor performance statistics available to privileged attackers can be used to break the system’s confidentiality guarantees. We present the CRACKPIPE attack, in which a malicious hypervisor abuses performance counter differences to leak secret data out of an SEV-SNP protected virtual machine. CRACKPIPE interrupts the guest virtual machine after each instruction to precisely determine the outcomes of conditional branches, and recovers secrets from the resulting trace. Consequently, even with all protection features of AMD SEV-SNP enabled, the CPU remains vulnerable to CRACKPIPE. In multiple case studies, we demonstrate how the underlying primitive can be used in real-world attacks to recover keys from cryptographic algorithms, such as RSA, or drastically reduce the time complexity of a brute-force attack. Finally, we discuss how mitigations for CRACKPIPE impose trade-offs, such as performance overhead or limiting the hypervisor’s ability to detect malicious guests.
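The abstract's leakage primitive is an observer who learns the outcome of every conditional branch the guest executes. The following model, added here and not taken from the thesis, replaces that observer with a `trace` list: a textbook square-and-multiply exponentiation leaks its exponent bit-for-bit into the trace, while a Montgomery ladder with an arithmetic conditional swap executes the same branch sequence for every key, which is the software-level mitigation such an attack motivates.

```python
# Model of a branch-outcome observer (the `trace` list). This is an added
# illustration of the leakage model, not the thesis's tooling.

def modexp_square_multiply(base, exp, mod, trace):
    """Textbook left-to-right square-and-multiply.
    The `if bit` branch is secret-dependent; each outcome is appended to
    `trace` exactly as a per-instruction branch observer would see it."""
    result = 1
    for i in range(exp.bit_length() - 1, -1, -1):
        result = (result * result) % mod
        bit = (exp >> i) & 1
        trace.append(bool(bit))          # taken / not taken
        if bit:
            result = (result * base) % mod
    return result

def recover_exponent(trace):
    """Observer side: the private exponent is read directly off the
    taken/not-taken sequence (the loop starts at the top set bit)."""
    exp = 0
    for taken in trace:
        exp = (exp << 1) | int(taken)
    return exp

def modexp_ladder(base, exp, mod, trace, nbits):
    """Montgomery ladder with a branchless conditional swap: the same
    instruction sequence runs for every key bit, so the only branch the
    observer records is the key-independent loop-continuation branch."""
    r0, r1 = 1, base % mod               # invariant: r1 == r0 * base
    for i in range(nbits - 1, -1, -1):
        bit = (exp >> i) & 1
        mask = -bit                      # 0 when bit == 0, all ones when bit == 1
        d = (r0 ^ r1) & mask             # swap r0/r1 iff bit == 1, no branch
        r0, r1 = r0 ^ d, r1 ^ d
        r1 = (r0 * r1) % mod
        r0 = (r0 * r0) % mod
        d = (r0 ^ r1) & mask             # swap back
        r0, r1 = r0 ^ d, r1 ^ d
        trace.append(True)               # loop branch: identical for every key
    return r0
```

Constant-time code removes the branch leak but not the attacker's ability to single-step the guest, which is why the abstract frames the remaining mitigations as trade-offs.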
Cite
@mastersthesis{Weissteiner2024CRACKPIPE,
author = {Weissteiner, Hannes},
title = {{CRACKPIPE -- Covertly Reconstructing Arbitrary Code tracKs using Per-Instruction Performance-counter Evaluation}},
school = {Graz University of Technology},
year = {2024}
}