Both AMD and Intel have presented technologies for confidential computing in cloud environments. The proposed solutions - AMD SEV (-ES, -SNP) and Intel TDX - protect Virtual Machines (VMs) against attacks from higher privileged layers through memory encryption and integrity protection. This model of computation draws a new trust boundary between virtual devices and the VM, which so far lacks thorough examination. In this paper, we therefore present an analysis of the virtual device interface and discuss several attack vectors against a protected VM. Further, we develop and evaluate VIA, an automated analysis tool to detect cases of improper sanitization of input received via the virtual device interface. VIA improves upon existing approaches for the automated analysis of device interfaces in the following aspects: (i) support for virtualization-relevant buses, (ii) efficient Direct Memory Access (DMA) support and (iii) performance. VIA builds upon the Linux Kernel Library and clang's libFuzzer to fuzz the communication between the driver and the device via MMIO, PIO, and DMA. An evaluation of VIA shows that it performs 570 executions per second on average and improves performance compared to existing approaches by an average factor of 2706. Using VIA, we analyzed 22 drivers in Linux 5.10.0-rc6, thereby uncovering 50 bugs and initiating multiple patches to the virtual device driver interface of Linux. To prove our findings' criticality under the threat model of AMD SEV and Intel TDX, we showcase three exemplary attacks based on the bugs found. The attacks enable a malicious hypervisor to corrupt the memory and gain code execution in protected VMs with SEV-ES and are theoretically applicable to SEV-SNP and TDX.
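The bug class named above, improper sanitization of input received via the virtual device interface, shown as an added example in C; it is not code from VIA, the paper, or the Linux kernel. The ring layout, sizes and function names are constructed for illustration and assume a driver that consumes completion records from hypervisor-writable DMA memory.

```c
#include <stdint.h>
#include <string.h>

#define RING_SIZE 4u   /* constructed: number of DMA buffers */
#define BUF_SIZE  64u  /* constructed: bytes per DMA buffer */

/* Constructed completion record. It lives in shared (unencrypted) memory,
 * so the hypervisor can rewrite it at any time, even between two reads. */
struct used_elem {
    volatile uint32_t id;   /* index of the completed buffer */
    volatile uint32_t len;  /* bytes the device claims to have written */
};

static uint8_t dma_bufs[RING_SIZE][BUF_SIZE]; /* shared DMA buffers */

/* Unsanitized pattern: id and len are trusted as-is, so a crafted record
 * makes the driver read outside dma_bufs and write past the end of out. */
int consume_unchecked(const struct used_elem *e, uint8_t *out)
{
    memcpy(out, dma_bufs[e->id], e->len);
    return (int)e->len;
}

/* Hardened pattern: fetch each device-writable field exactly once into
 * private memory, validate the copies, and use only the copies afterwards. */
int consume_checked(const struct used_elem *e, uint8_t *out, size_t out_cap)
{
    uint32_t id  = e->id;   /* single fetch, never re-read after the check */
    uint32_t len = e->len;

    if (id >= RING_SIZE)
        return -1;          /* index outside the ring */
    if (len > BUF_SIZE || len > out_cap)
        return -1;          /* length exceeds source or destination */
    memcpy(out, dma_bufs[id], len);
    return (int)len;
}
```

Copying the fields into locals before validating matters as much as the range checks: re-reading `e->len` after the check would let the value change between validation and use.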