Confidential computing, powered by hardware technologies such as Intel SGX (Software Guard Extensions) and AMD SEV (Secure Encrypted Virtualization), promises strong isolation and transparent memory encryption.
Designed to protect against privileged attackers and physical threats such as bus snooping and cold boot attacks, these secure CPU enclaves are used predominantly in cloud computing environments to create protected memory regions that are encrypted and inaccessible to the rest of the system. However, security researchers from Begium’s KU Leuven University have developed a custom, low-cost DDR4 interposer that re-opens the door to supply chain attacks against even fully patched systems.
During a presentation at the Black Hat Europe conference on Wednesday, Jesse De Meulemeester and Jo Van Bulck demonstrated how this $50 piece of hardware made it possible to manipulate memory address mapping, effectively tricking the processor into granting unauthorized access to portions of encrypted memory.
Because the hack operates at runtime it circumvents recent boot-time firmware mitigations deployed by Intel and AMD in response to earlier software-based “BadRAM” memory aliasing attacks.
The latest hack — dubbed Battering RAM — enables arbitrary plaintext read/write access and extraction of SGX’s platform provisioning key. This, in turn, allowed the researchers to forge attestation reports and implant persistent backdoors on AMD SEV-protected virtual machines. Cloud infrastructures that rely on Intel’s Scalable SGX technology are also potentially vulnerable.
The researchers reported their findings to both AMD and Intel prior to unveiling their research. Both chip giants said the attack was out of scope because it involved hardware manipulation.
De Meulemeester told CSO that software and firmware modules are currently unable to detect this attack. As a result, if attackers were able to introduce a compromised memory module into the supply chain they would then be able to carry out follow-up malware-based attacks on vulnerable virtual infrastructure.
The research undercuts fundamental assumptions about encrypted memory security guarantees while raising questions about the performance and security trade-offs built into the architecture of confidential cloud computing systems.
Comprehensively resolving the problem would involve reintroducing cryptographic freshness protections integrity into the next generation of server chips, says De Meulemeester, a PhD candidate in electrical engineering who specializes in securing high-performance computing systems against emerging threats.
No Responses