Attacks on encrypted memory: Beyond the single bit conditionals
Protecting users’ privacy in virtualized cloud environments is an increasing concern for both users and providers. A hypervisor provides a hosting facility administrator with the capabilities to read the memory space of any guest VM. Therefore, nothing really prevents such an administrator from abusing these capabilities to access users’ data. This threat is not prevented even if the whole memory is encrypted with a single (secret) key. Guest VM’s can be isolated from the administrator if each guest VM has its memory space encrypted with a unique per-VM key. Here, while the hypervisor’s memory access capabilities remain unchanged, reading a VM memory decrypts the VM’s encrypted data with the wrong key and therefore gives no advantage to the attacker. This is indeed the motivation behind some newly released technologies in latest processors.
However, this talk argues that the privacy claim of any technology that uses different encryption keys to isolate hypervisor administrators from guest VM’s cannot be guaranteed. To show this, it demonstrates a new instantiation of a “Blinded Random Block Corruption (BRBC) Attack”. Under the same scenario assumptions that the per-VM keying method addresses, the attack allows a cloud provider administrator to use the capabilities of a (trusted) hypervisor in order to login to a guest VM (besides the encrypted memory). This completely compromises the user’s data privacy. Furthermore, we also demonstrate that even non-boolean values can be effectively targeted by attackers, forcing the elevation of privileges of a process running in a protected VM as demonstration.
This shows, once again, that memory encryption by itself, is not necessarily a defense-in-depth mechanism against attackers with memory read/write capabilities. A better guarantee is achieved if the memory encryption includes some authentication mechanism.