Secure Encrypted Virtualization is Unsecure
Authors
Abstract
Virtualization has become more important as cloud computing grows more popular, and cloud customers increasingly demand security. AMD plans to provide Secure Encrypted Virtualization (SEV) [8] technology in its latest processor, EPYC, to protect virtual machines by encrypting their memory, but without integrity protection. In this paper, we analyze the weakness in the SEV design that results from the lack of integrity protection, and show that it is therefore not so secure. Using a different design flaw in the physical address-based tweak algorithm, which is meant to protect against ciphertext block move attacks, we found a realistic attack against SEV that could obtain root privilege on an encrypted virtual machine protected by SEV. A demo simulating the attack against a virtual machine protected by SEV was run on a Ryzen machine that supports Secure Memory Encryption (SME) [8] technology, since SEV-enabled machines are not yet available on the market.
Similar resources
Separating indexes from data: a distributed scheme for secure database outsourcing
Database outsourcing is an idea to eliminate the burden of database management from organizations. Since data is a critical asset of organizations, preserving its privacy from outside adversaries and untrusted servers should be warranted. In this paper, we present a distributed scheme based on storing shares of data on different servers and separating indexes from data on a distinct server. Shamir...
Fuzzy retrieval of encrypted data by multi-purpose data-structures
The growing amount of information that has arisen from emerging technologies has caused organizations to face challenges in maintaining and managing their information. Expanding hardware and human resources, and outsourcing data management and maintenance to an external organization in the form of cloud storage services, are two common approaches to overcome these challenges. The first approach costs of...
Git as an Encrypted Distributed Version Control System Thesis
This thesis develops and presents a secure Git implementation, Git Virtual Vault (GV2), for users of Git to work on sensitive projects with repositories located in unsecure distributed environments, such as in cloud computing. This scenario is common within the Department of Defense, as much work is of a sensitive nature. In order to provide security to Git, additional functionality is added fo...
An Adaptive Security Scheme for Secret Data using Cryptography and Steganography
In today's information age, information sharing and transfer has increased exponentially. The information is vulnerable to unauthorised access and interception while in storage or transmission. The threat of an intruder and Steganalysis accessing secret information for sharing information over an unsecure or covert communication channels are vulnerable to intruder attacks. Although, these techniq...
Crypto multi tenant: an environment of secure computing using cloud sql
Today’s most modern research area of computing is cloud computing, due to its ability to diminish the costs associated with virtualization, high availability, dynamic resource pools and increase the efficiency of computing. But still it contains some drawbacks such as privacy, security, etc. This paper is thoroughly focused on the security of data of multi tenant model obtains from the virtuali...
Journal title:
- CoRR
Volume abs/1712.05090 Issue
Pages -
Publication date 2017