SNPGuard: Remote Attestation of SEV-SNP VMs Using Open Source Tools
- URL: http://arxiv.org/abs/2406.01186v1
- Date: Mon, 3 Jun 2024 10:48:30 GMT
- Title: SNPGuard: Remote Attestation of SEV-SNP VMs Using Open Source Tools
- Authors: Luca Wilke, Gianluca Scopelliti,
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Cloud computing is a ubiquitous solution to handle today's complex computing demands. However, it comes with data privacy concerns, as the cloud service provider has complete access to code and data running on their infrastructure. VM-based Trusted Execution Environments (TEEs) are a promising solution to solve this issue. They provide strong isolation guarantees to lock out the cloud service provider, as well as an attestation mechanism to enable the end user to verify their trustworthiness. Attesting the whole boot chain of a VM is a challenging task that requires modifications to several software components. While there are open source solutions for the individual components, the tooling and documentation for properly integrating them remains scarce. In this paper, we try to fill this gap by elaborating on two common boot workflows and providing open source tooling to perform them with low manual effort. The first workflow assumes that the VM image only requires integrity but not confidentiality, allowing for an uninterrupted boot process. The second workflow covers booting a VM with an encrypted root filesystem, requiring secure provisioning of the decryption key during early boot. While our tooling targets AMD Secure Encrypted Virtualization (SEV) VMs, the concepts also apply to other VM-based TEEs such as Intel Trusted Domain Extensions (TDX).
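Both workflows in the abstract end at the same decision point: a verifier receives an SEV-SNP attestation report from the guest, checks that the launch measurement and guest policy are what it expects and that the report is bound to a fresh nonce, and only then (in the second workflow) hands over the root filesystem decryption key. The following is an added example of that verifier-side logic, written for this page; it is not SNPGuard's code. It parses the ATTESTATION_REPORT layout from AMD's SEV-SNP ABI specification with the Python standard library only. Assumptions that are not in the paper: the guest places SHA-512(nonce) in REPORT_DATA, the sample measurement, policy value and key material are constructed test data, and ECDSA-P384 signature verification against the VCEK certificate chain from AMD's KDS is deliberately left to the caller (`signed_region()` and `signature_rs()` expose exactly the bytes and scalars that step needs). No field of a report should be trusted until that signature check has passed.

```python
"""Verifier-side checks on an AMD SEV-SNP attestation report (added example).

Offsets follow the ATTESTATION_REPORT structure in the SEV-SNP ABI spec.
The ECDSA-P384/SHA-384 signature over the first 0x2A0 bytes must be verified
against the VCEK chain from AMD's KDS before any check below means anything;
that step is intentionally not implemented here.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

REPORT_LEN = 0x4A0   # 1184 bytes
SIGNED_LEN = 0x2A0   # everything before the SIGNATURE field

# Guest policy bits (report offset 0x008, 64-bit little-endian).
POLICY_ABI_MINOR   = 0xFF
POLICY_ABI_MAJOR   = 0xFF << 8
POLICY_SMT         = 1 << 16
POLICY_RESERVED_1  = 1 << 17   # must be set
POLICY_MIGRATE_MA  = 1 << 18
POLICY_DEBUG       = 1 << 19   # lets the hypervisor decrypt guest memory
POLICY_SINGLE_SOCK = 1 << 20

# Constructed stand-in for a real launch digest (OVMF + kernel + initrd + cmdline).
GOOD_MEASUREMENT = hashlib.sha384(b"constructed launch digest for the example").digest()


@dataclass
class Report:
    version: int
    policy: int
    vmpl: int
    sig_algo: int
    report_data: bytes
    measurement: bytes
    host_data: bytes
    reported_tcb: int
    chip_id: bytes


def parse_report(buf: bytes) -> Report:
    """Pull the fields a verifier reasons about out of the raw 1184-byte report."""
    if len(buf) != REPORT_LEN:
        raise ValueError(f"report must be {REPORT_LEN} bytes, got {len(buf)}")
    (version,) = struct.unpack_from("<I", buf, 0x000)
    (policy,) = struct.unpack_from("<Q", buf, 0x008)
    vmpl, sig_algo = struct.unpack_from("<II", buf, 0x030)
    (reported_tcb,) = struct.unpack_from("<Q", buf, 0x180)
    return Report(version, policy, vmpl, sig_algo,
                  report_data=buf[0x050:0x090], measurement=buf[0x090:0x0C0],
                  host_data=buf[0x0C0:0x0E0], reported_tcb=reported_tcb,
                  chip_id=buf[0x1A0:0x1E0])


def signed_region(buf: bytes) -> bytes:
    """Bytes covered by the VCEK signature."""
    return buf[:SIGNED_LEN]


def signature_rs(buf: bytes) -> Tuple[int, int]:
    """R and S are stored as 72-byte little-endian, zero-padded P-384 scalars."""
    r = int.from_bytes(buf[0x2A0:0x2A0 + 72], "little")
    s = int.from_bytes(buf[0x2E8:0x2E8 + 72], "little")
    return r, s


def expected_report_data(nonce: bytes) -> bytes:
    """Assumed nonce binding convention: guest puts SHA-512(nonce) in REPORT_DATA."""
    return hashlib.sha512(nonce).digest()


def check_report(rep: Report, nonce: bytes, allowed_measurements,
                 min_abi: Tuple[int, int] = (0, 0)) -> List[str]:
    """Return policy violations; an empty list means the (already signature-
    verified) report is acceptable."""
    problems = []
    if rep.version < 2:
        problems.append(f"unsupported report version {rep.version}")
    if rep.sig_algo != 1:
        problems.append("signature algorithm is not ECDSA-P384/SHA-384")
    if rep.vmpl != 0:
        problems.append(f"report requested from VMPL {rep.vmpl}, expected 0")
    if rep.policy & POLICY_DEBUG:
        problems.append("DEBUG policy bit set: hypervisor can read guest memory")
    if rep.policy & POLICY_MIGRATE_MA:
        problems.append("migration agent allowed by policy")
    if not rep.policy & POLICY_RESERVED_1:
        problems.append("policy reserved bit 17 is clear")
    abi = ((rep.policy & POLICY_ABI_MAJOR) >> 8, rep.policy & POLICY_ABI_MINOR)
    if abi < min_abi:
        problems.append(f"ABI floor {abi[0]}.{abi[1]} below required {min_abi[0]}.{min_abi[1]}")
    if rep.measurement not in allowed_measurements:
        problems.append("launch measurement not in allow-list")
    if rep.report_data != expected_report_data(nonce):
        problems.append("REPORT_DATA does not bind the verifier nonce (replay?)")
    return problems


def release_disk_key(buf: bytes, nonce: bytes, keystore: dict) -> bytes:
    """Second-workflow decision point: hand out the rootfs key only for a report
    that passes every check. keystore maps measurement -> key (constructed)."""
    rep = parse_report(buf)
    problems = check_report(rep, nonce, keystore.keys(), min_abi=(1, 51))
    if problems:
        raise PermissionError("; ".join(problems))
    return keystore[rep.measurement]


def build_sample_report(measurement: bytes, nonce: bytes, policy: int,
                        version: int = 2, vmpl: int = 0) -> bytes:
    """Constructed, unsigned report (SIGNATURE field zero) for local testing."""
    buf = bytearray(REPORT_LEN)
    struct.pack_into("<I", buf, 0x000, version)
    struct.pack_into("<Q", buf, 0x008, policy)
    struct.pack_into("<II", buf, 0x030, vmpl, 1)
    buf[0x050:0x090] = expected_report_data(nonce)
    buf[0x090:0x0C0] = measurement
    return bytes(buf)


if __name__ == "__main__":
    nonce = b"\x11" * 32                       # constructed verifier nonce
    keys = {GOOD_MEASUREMENT: b"k" * 32}       # constructed LUKS key
    good = build_sample_report(GOOD_MEASUREMENT, nonce, 0x30133)  # SMT, reserved, ABI 1.51
    print("key released:", release_disk_key(good, nonce, keys).hex())
    debug = build_sample_report(GOOD_MEASUREMENT, nonce, 0x30133 | POLICY_DEBUG)
    print("debug VM:", check_report(parse_report(debug), nonce, keys.keys()))
```

The nonce check is what makes the second workflow safe against replay: without it, a hypervisor could replay an old, valid report from a clean VM while the VM actually booting is something else. The policy bits matter just as much as the measurement, since a report with the DEBUG bit set carries a perfectly good launch digest of a VM whose memory the host can read.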
Related papers
- Chat AI: A Seamless Slurm-Native Solution for HPC-Based Services (arXiv, 2024-06-27)
  Large language models (LLMs) allow researchers to run open-source or custom fine-tuned LLMs and ensure users that their data remains private and is not stored without their consent.
  We propose an implementation consisting of a web service that runs on a cloud VM with secure access to a scalable backend running a multitude of AI models on HPC systems.
  In order to ensure the security of the HPC system, we use the SSH ForceCommand directive to construct a robust circuit breaker.
- WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP (arXiv, 2024-04-04)
  AMD SEV-SNP offers VM-level trusted execution environments (TEEs) to protect sensitive cloud workloads.
  The WeSee attack injects malicious #VC interrupts into a victim VM's CPU to compromise the security guarantees of AMD SEV-SNP.
  Case studies demonstrate that WeSee can leak sensitive VM information (kTLS keys for NGINX), corrupt kernel data (firewall rules), and inject arbitrary code.
- Heckler: Breaking Confidential VMs with Malicious Interrupts (arXiv, 2024-04-04)
  Heckler is a new attack wherein the hypervisor injects malicious non-timer interrupts to break the confidentiality and integrity of CVMs.
  With AMD SEV-SNP and Intel TDX, we demonstrate Heckler on OpenSSH to bypass authentication.
- Bridge the Future: High-Performance Networks in Confidential VMs without Trusted I/O devices (arXiv, 2024-03-05)
  Trusted I/O (TIO) is an appealing solution to improve I/O performance for confidential virtual machines (CVMs).
  This paper emphasizes that not all types of I/O can derive substantial benefits from TIO, particularly network I/O.
  We present FOlio, a software solution crafted from a secure and efficient Data Plane Development Kit (DPDK) extension.
- Trustworthy confidential virtual machines for the masses (arXiv, 2024-02-23)
  We present Revelio, an approach that allows confidential virtual machine (VM)-based workloads to be designed and deployed in a way that disallows tampering even by the service providers.
  We focus on web-facing workloads, protect them leveraging SEV-SNP, and enable end-users to remotely attest them seamlessly each time a new web session is established.
- HasTEE+: Confidential Cloud Computing and Analytics with Haskell (arXiv, 2024-01-17)
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs).
  TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
  We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
- Open-DDVM: A Reproduction and Extension of Diffusion Model for Optical Flow Estimation (arXiv, 2023-12-04)
  Google proposes DDVM, which for the first time demonstrates that a general diffusion model for the image-to-image translation task works impressively well.
  However, DDVM is still a closed-source model with expensive and private Palette-style pretraining.
  In this technical report, we present the first open-source DDVM by reproducing it.
- Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker (arXiv, 2023-10-05)
  Software services place implicit trust in the cloud provider, without an explicit trust relationship.
  There is currently no cloud provider that exposes Trusted Platform Module capabilities.
  We improve trust by integrating a virtual TPM device into Firecracker, originally developed by Amazon Web Services.
- SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices (arXiv, 2023-09-26)
  We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
  SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
  We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
- FCOS: A simple and strong anchor-free object detector (arXiv, 2020-06-14)
  We propose a fully convolutional one-stage object detector (FCOS) to solve object detection in a per-pixel prediction fashion.
  Almost all state-of-the-art object detectors such as RetinaNet, SSD, YOLOv3, and Faster R-CNN rely on pre-defined anchor boxes.
  In contrast, our proposed detector FCOS is anchor box free, as well as proposal free.
- A Privacy-Preserving Distributed Architecture for Deep-Learning-as-a-Service (arXiv, 2020-03-30)
  This paper introduces a novel distributed architecture for deep-learning-as-a-service.
  It is able to preserve the user's sensitive data while providing cloud-based machine and deep learning services.