SNPGuard: Remote Attestation of SEV-SNP VMs Using Open Source Tools

• URL: http://arxiv.org/abs/2406.01186v1
• Date: Mon, 3 Jun 2024 10:48:30 GMT
• Title: SNPGuard: Remote Attestation of SEV-SNP VMs Using Open Source Tools
• Authors: Luca Wilke, Gianluca Scopelliti,
• Abstract summary: Cloud computing is a ubiquitous solution to handle today's complex computing demands. VM-based Trusted Execution Environments (TEEs) are a promising solution to solve this issue. They provide strong isolation guarantees to lock out the cloud service provider.
• Score: 3.7752830020595796
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Cloud computing is a ubiquitous solution to handle today's complex computing demands. However, it comes with data privacy concerns, as the cloud service provider has complete access to code and data running on their infrastructure. VM-based Trusted Execution Environments (TEEs) are a promising solution to solve this issue. They provide strong isolation guarantees to lock out the cloud service provider, as well as an attestation mechanism to enable the end user to verify their trustworthiness. Attesting the whole boot chain of a VM is a challenging task that requires modifications to several software components. While there are open source solutions for the individual components, the tooling and documentation for properly integrating them remains scarce. In this paper, we try to fill this gap by elaborating on two common boot workflows and providing open source tooling to perform them with low manual effort. The first workflow assumes that the VM image does only require integrity but not confidentiality, allowing for an uninterrupted boot process. The second workflow covers booting a VM with an encrypted root filesystem, requiring secure provisioning of the decryption key during early boot. While our tooling targets AMD Secure Encrypted Virtualization (SEV) VMs, the concepts also apply to other VM-based TEEs such as Intel Trusted Domain Extensions (TDX).

Related papers

• Ditto: Elastic Confidential VMs with Secure and Dynamic CPU Scaling [35.971391128345125]
  "Elastic CVM" and the Worker vCPU design pave the way for more flexible and cost-effective confidential computing environments. "Elastic CVM" and the Worker vCPU design not only optimize cloud resource utilization but also pave the way for more flexible and cost-effective confidential computing environments.
  arXiv  Detail & Related papers  (2024-09-23T20:52:10Z)
• Securing Network-Booting Linux Systems at the Example of bwLehrpool and bwForCluster NEMO [0.0]
  The universities of Baden-W"urttemberg are using stateless system remote boot for services such as computer labs and data centers. The aim of this work is to establish trust within this network, focusing on server-client identity, confidentiality and image authenticity.
  arXiv  Detail & Related papers  (2024-09-03T20:54:19Z)
• OpenDAS: Open-Vocabulary Domain Adaptation for 2D and 3D Segmentation [54.98688607911399]
  We propose the task of open-vocabulary domain adaptation to infuse domain-specific knowledge into Vision-Language Models (VLMs) Existing VLM adaptation methods improve performance on base (training) queries, but fail to preserve the open-set capabilities of VLMs on novel queries. Our approach is the only parameter-efficient method that consistently surpasses the original VLM on novel classes.
  arXiv  Detail & Related papers  (2024-05-30T15:16:06Z)
• WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP [2.8436446946726557]
  AMD SEV-SNP offers VM-level trusted execution environments (TEEs) to protect sensitive cloud workloads. WeSee attack injects malicious #VC into a victim VM's CPU to compromise the security guarantees of AMD SEV-SNP. Case-studies demonstrate that WeSee can leak sensitive VM information (kTLS keys for NGINX), corrupt kernel data (firewall rules), and inject arbitrary code.
  arXiv  Detail & Related papers  (2024-04-04T15:30:13Z)
• Heckler: Breaking Confidential VMs with Malicious Interrupts [2.650561978417805]
  Heckler is a new attack wherein the hypervisor injects malicious non-timer interrupts to break the confidentiality and integrity of CVMs. With AMD SEV-SNP and Intel TDX, we demonstrate Heckler on OpenSSH and to bypass authentication.
  arXiv  Detail & Related papers  (2024-04-04T11:37:59Z)
• Trustworthy confidential virtual machines for the masses [1.6503985024334136]
  We present Revelio, an approach that allows confidential virtual machine (VM)-based workloads to be designed and deployed in a way that disallows tampering even by the service providers. We focus on web-facing workloads, protect them leveraging SEV-SNP, and enable end-users to remotely attest them seamlessly each time a new web session is established.
  arXiv  Detail & Related papers  (2024-02-23T11:54:07Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• Open-DDVM: A Reproduction and Extension of Diffusion Model for Optical Flow Estimation [56.51837025874472]
  Google proposes DDVM which for the first time demonstrates that a general diffusion model for image-to-image translation task works impressively well. However, DDVM is still a closed-source model with the expensive and private Palette-style pretraining. In this technical report, we present the first open-source DDVM by reproducing it.
  arXiv  Detail & Related papers  (2023-12-04T09:10:25Z)
• Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker [49.1574468325115]
  Software services place implicit trust in the cloud provider, without an explicit trust relationship. There is currently no cloud provider that exposes Trusted Platform Module capabilities. We improve trust by integrating a virtual TPM device into the Firecracker, originally developed by Amazon Web Services.
  arXiv  Detail & Related papers  (2023-10-05T13:13:55Z)
• FCOS: A simple and strong anchor-free object detector [111.87691210818194]
  We propose a fully convolutional one-stage object detector (FCOS) to solve object detection in a per-pixel prediction fashion. Almost all state-of-the-art object detectors such as RetinaNet, SSD, YOLOv3, and Faster R-CNN rely on pre-defined anchor boxes. In contrast, our proposed detector FCOS is anchor box free, as well as proposal free.
  arXiv  Detail & Related papers  (2020-06-14T01:03:39Z)
• A Privacy-Preserving Distributed Architecture for Deep-Learning-as-a-Service [68.84245063902908]
  This paper introduces a novel distributed architecture for deep-learning-as-a-service. It is able to preserve the user sensitive data while providing Cloud-based machine and deep learning services.
  arXiv  Detail & Related papers  (2020-03-30T15:12:03Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.