Virtual Machine Security Enhancement Based On AMD Memory Encryption

Recently,cloud services have been extensively deployed.However,the confidentiality of the tenant's data become a serious issue when facing malicious insiders or even hardware attacks like code boot or bus snooping.Therefore,the primary premise of modern multi-tenant clouds is to protect those data under untrusted cloud environment.Recently,AMD have released hardware supports for memory encryption within its new generation of manufactured processors called Secure Memory Encryption(SME)and Secure Encrypted Virtualization(SEV)[1].SME and SEV encrypt memory in page level granularity by simply setting one bit(C-bit)in the page table entry.While SME is mainly designed to defend against physical attacks like cold-boot or bus snooping attacks,SEV allows each virtual machine using its own key to selectively encrypt and manage memory,which provides an opportunity to guarantee the confidentiality of guest VM against compromised hypervisor.However,during leveraging SEV for VM protection,we observed that there are several problems with the existing mechanism.First,a malicious hypervisor can bypass or even disable the protection by manipulating some critical data structure.On the other hand,we observed that SEV only provide limited memory protection which is not enough to protect full life cycle of VM.In this dissertation,we systematically analyze security issues existing in current SEV and give a comprehensive discussion on leveraging AMD's SEV feature for VM and application protection.To resolve the problem of untrusted hypervisor bypassing protection,the system separates critical resources from common service provision.The privilege to directly operate on specific resources is revoked from the hypervisor.Instead,another isolated secure environment manages those critical resources with policy enforcement.To protect the critical data in application,the system decompose the application into normal part and critical part.The latter will be placed in a isolated and secure runtime environment which is retrofitted by leveraging AMD SEV feature and communicates with normal part through secure communication channel,so that even a compromised guest OS cannot steal those cirtical data from the protected application.Our contributions: To summarize,this dissertation makes the following contributions:· A comprehensive security analysis of leveraging AMD's SEV mechanism for VM and application protection.· A software extension to resolve the problems of leveraging SEV for rigorous VM pro-tection by separating critical resource management from service provision with sibling based protection,and novelly reuse SEV API for full VM life-cycle protection.· A software extension to resolve the problems of leveraging SEV for coarse-grained ap-plication protection by decomposing application info normal part and cirtical part,and put the latter into an isolated secure runtime environment.· Systematical security analysis and quantitative performance evaluation on these two pro-totypes to prove their effectiveness and security.