Abstract
We present SEVGuard, a minimal virtual execution environment that protects the confidentiality of applications based on AMD’s Secure Encrypted Virtualization (SEV). Although SEV was primarily designed for the protection of VMs, we found a way to overcome this limitation and exclusively protect user mode applications. Therefore, we migrate the application into a hardware-accelerated VM and encrypt both its memory and register state. To avoid the overhead of a typical hypervisor, we built our solution on top of the plain Linux Kernel Virtual Machine (KVM) API. With the help of an advanced trapping mechanism, we fully support system and library calls from within the encrypted guest. Furthermore, we allow unmodified code to be transparently virtualized and encrypted by appropriate memory mappings. The memory needed for our minimal VM can be directly allocated within SEVGuard’s address space. We evaluated our execution environment regarding correctness and performance, confirming that SEVGuard can be practically used to protect existing legacy applications.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AMD: Amd64 architecture programmer’s manual volume 2: system programming. AMD Developer Zone (2018). https://support.amd.com/TechDocs/24593.pdf
Arnautov, S., et al.: SCONE: secure Linux containers with Intel SGX. In: 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI (2016)
Baumann, A., Peinado, M., Hunt, G.C.: Shielding applications from an untrusted cloud with haven. In: 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI (2014)
Checkoway, S., Shacham, H.: Iago attacks: why the system call API is a bad untrusted RPC interface. In: ASPLOS, vol. 13, pp. 253–264 (2013)
Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive (2016). http://eprint.iacr.org/2016/086
Du, Z., et al.: Secure encrypted virtualization is unsecure. CoRR (2017). http://arxiv.org/abs/1712.05090
Duc, G., Keryell, R.: CryptoPage: an efficient secure architecture with memory encryption, integrity and information leakage protection. In: 22nd Annual Computer Security Applications Conference (ACSAC 2006), 11–15 December 2006, Miami Beach, Florida, USA, pp. 483–492 (2006)
Götzfried, J., Dörr, N., Palutke, R., Müller, T.: Hypercrypt: hypervisor-based encryption of kernel and user space. In: 11th International Conference on Availability, Reliability and Security, ARES 2016, Salzburg, Austria, 31 August–2 September 2016, pp. 79–87. IEEE Computer Society (2016)
Götzfried, J., Müller, T., Drescher, G., Nürnberger, S., Backes, M.: RamCrypt: kernel-based address space encryption for user-mode processes. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIACCS 2016, pp. 919–924. ACM, New York (2016)
Hetzelt, F., Buhren, R.: Security analysis of encrypted virtual machines. In: Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE 2017, Xi’an, China, 8–9 April 2017, pp. 129–142. ACM (2017). https://doi.org/10.1145/3050748.3050763
Kaplan, D., Powell, J., Woller, T.: AMD memory encryption. Technical report, AMD, April 2016. http://developer.amd.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
Lazard, T., Götzfried, J., Müller, T., Santinelli, G., Lefebvre, V.: TEEshift: protecting code confidentiality by selectively shifting functions into tees. In: Proceedings of the 3rd Workshop on System Software for Trusted Execution, SysTEX 2018, pp. 14–19. ACM (2018). https://doi.org/10.1145/3268935.3268938. http://doi.acm.org/10.1145/3268935.3268938
Lefebvre, V., Santinelli, G., Müller, T., Götzfried, J.: Universal trusted execution environments for securing SDN/NFV operations. In: Doerr, S., Fischer, M., Schrittwieser, S., Herrmann, D. (eds.) Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018, Hamburg, Germany, 27–30 August 2018, pp. 44:1–44:9. ACM (2018). https://doi.org/10.1145/3230833.3233256
Maene, P., Götzfried, J., de Clercq, R., Müller, T., Freiling, F., Verbauwhede, I.: Hardware-based trusted computing architectures for isolation and attestation. IEEE Trans. Comput. 67, 361–374 (2017)
Microsoft: Open enclave SDK (2019). https://openenclave.io/sdk
Morbitzer, M., Huber, M., Horsch, J., Wessel, S.: SEVered: subverting AMD’s virtual machine encryption. In: Stavrou, A., Rieck, K. (eds.) Proceedings of the 11th European Workshop on Systems Security, EuroSec@EuroSys 2018, Porto, Portugal, 23 April 2018, pp. 1:1–1:6. ACM (2018). https://doi.org/10.1145/3193111.3193112
Peterson, P.: Cryptkeeper: improving security with encrypted RAM. In: 2010 IEEE International Conference on Technologies for Homeland Security (HST), pp. 120–126, November 2010
Porter, N.: Asylo: an open-source framework for confidential computing (2018). https://cloudplatform.googleblog.com/2018/05/Introducing-Asylo-an-open-source-framework-for-confidential-computing.html
Provos, N.: Encrypting virtual memory. In: 9th USENIX Security Symposium, Denver, Colorado, USA, 14–17 August 2000
Schuster, F., et al.: VC3: trustworthy data analytics in the cloud using SGX. In: IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, pp. 38–54. IEEE Computer Society (2015). https://doi.org/10.1109/SP.2015.10
Tsai, C., Porter, D.E., Vij, M.: Graphene-SGX: a practical library OS for unmodified applications on SGX. In: USENIX Annual Technical Conference (2017)
Übler, D., Götzfried, J., Müller, T.: Secure remote computation using Intel SGX. In: Sicherheit, Schutz und Zuverlässigkeit (SICHERHEIT 2018), Bonn. Gesellschaft für Informatik (GI) (2017)
Zheng, W., Dave, A., Beekman, J.G., Popa, R.A., Gonzalez, J.E., Stoica, I.: Opaque: an oblivious and encrypted distributed analytics platform. In: 14th USENIX Symposium on Networked Systems Design and Implementation, NSDI (2017)
Acknowledgments
We would like to thank Felix Freiling for his helpful comments and productive suggestions. This work was supported by the German Research Foundation (DFG) as part of the Transregional Collaborative Research Centre “Invasive Computing” (SFB/TR 89).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Palutke, R., Neubaum, A., Götzfried, J. (2019). SEVGuard: Protecting User Mode Applications Using Secure Encrypted Virtualization. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 305. Springer, Cham. https://doi.org/10.1007/978-3-030-37231-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-37231-6_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37230-9
Online ISBN: 978-3-030-37231-6
eBook Packages: Computer ScienceComputer Science (R0)