Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

AMD Virtual Encryption Not Quite There, Claim Researchers

posted by janrinok on Thursday December 08 2016, @11:55PM   Printer-friendly
from the trust-the-cloud? dept.

Arthur T Knackerbracket has found the following story:

A couple of German boffins have taken a good look at AMD's Secure Encrypted Virtualization (SEV), and don't like what they see.

As AMD's Brijesh Singh explained to the Linux driver project mailing list in April, SEV extends the AMD-V architecture when multiple VMs are running under a hypervisor: "SEV hardware tags all code and data with its VM ASID which indicates which VM the data originated from or is intended for. This tag is kept with the data at all times when inside the SOC, and prevents that data from being used by anyone other than the owner".

In this paper at Arxiv, Felicitas Hetzelt and Robert Buhren of the Technical University of Berlin identify shortcomings in the architecture, including possible encryption bypass, information leakage, and memory replay attacks.

[...] "The key idea of SEV is that guest memory is encrypted and the corresponding key is only accessed by the memory controller that handles the encryption and decryption transparently, thereby protecting against both a malicious hypervisor and physical attacks," they write. "This key will never be exposed to the hypervisor. Additionally AMD added a coprocessor to SEV-enabled CPUs ... This coprocessor handles key management and is responsible for the initial encryption of the guest."

[...] The good news is that all of the attacks need a malicious hypervisor – meaning customers can trust AMD SEV if they trust their cloud operator. Although they consider the design issues to be serious, the researchers note that "the technology is promising" if mitigations are possible.

Original Submission

 
This discussion has been archived. No new comments can be posted.
AMD Virtual Encryption Not Quite There, Claim Researchers | Log In/Create an Account | Top | 10 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Flamebait) by takyon on Friday December 09 2016, @03:13AM

    by takyon (881) <takyonNO@SPAMsoylentnews.org> on Friday December 09 2016, @03:13AM (#438990) Journal

    They have original reporting. They have exclusive interviews. They have fresh analysis. They have their own podcast and they also fly balloons into the stratosphere [theregister.co.uk]. They are not the National Enquirer or this month's new flavor, known as "fake news". Your opinion is baseless and stale.

    I can only assume that as a "D-list" [wikipedia.org] author, you have chosen to lash out at The Register's superior humor by picking the easiest target imaginable: their habitual use of the word boffin, detested by other weak SoylentNews users. Good for you. Maybe I'll submit an El Reg article every day for the next year.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    Starting Score:    1  point
    Moderation   -1  
       Flamebait=2, Underrated=1, Total=3
    Extra 'Flamebait' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   1  

  • (Score: 2) by mcgrew on Friday December 09 2016, @05:28PM

    by mcgrew (701) <publish@mcgrewbooks.com> on Friday December 09 2016, @05:28PM (#439254) Homepage Journal

    True, but they also leave key facts out of an unsensational story to sensationalize it. Not really fake news, but damned close. It's simply an untrustworthy source.

    --
    mcgrewbooks.com mcgrew.info nooze.org