VIA: Analyzing Device Interfaces of Protected Virtual Machines

Both AMD and Intel have presented technologies for confidential computing in cloud environments. The proposed solutions — AMD SEV (-ES, -SNP) and Intel TDX — protect VMs (VMs) against attacks from higher privileged layers through memory encryption and integrity protection. This model of computation draws a new trust boundary between virtual devices and the VM, which in so far lacks thorough examination. In this paper, we therefore present an analysis of the virtual device interface and discuss several attack vectors against a protected VM. Further, we develop and evaluate VIA, an automated analysis tool to detect cases of improper sanitization of input recieved via the virtual device interface. VIA improves upon existing approaches for the automated analysis of device interfaces in the following aspects: (i) support for virtualization relevant buses, (ii) efficient Direct Memory Access (DMA) support and (iii) performance. VIA builds upon the Linux Kernel Library and clang’s libfuzzer to fuzz the communication between the driver and the device via MMIO, PIO, and DMA. An evaluation of VIA shows that it performs 570 executions per second on average and improves performance compared to existing approaches by an average factor of 2706. Using VIA, we analyzed 22 drivers in Linux 5.10.0-rc6, thereby uncovering 50 bugs and initiating multiple patches to the virtual device driver interface of Linux. To prove our findings’ criticality under the threat model of AMD SEV and Intel TDX, we showcase three exemplary attacks based on the bugs found. The attacks enable a malicious hypervisor to corrupt the memory and gain code execution in protected VMs with SEV-ES and are theoretically applicable to SEV-SNP and TDX.

[1]  Kees Cook Linux Kernel Self-Protection , 2017, login Usenix Mag..

[2]  R. Spenneberg Don ’ t trust your USB ! How to find bugs in USB device drivers , 2014 .

[3]  Peter G. Neumann,et al.  Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals , 2019, NDSS.

[4]  Taesoo Kim,et al.  Finding semantic bugs in file systems with an extensible fuzzing framework , 2019, SOSP.

[5]  Yutao Liu,et al.  Architecture support for guest-transparent VM protection from untrusted hypervisor and physical attacks , 2013, 2013 IEEE 19th International Symposium on High Performance Computer Architecture (HPCA).

[6]  Nicolae Tapus,et al.  LKL: The Linux kernel library , 2010, 9th RoEduNet IEEE International Conference.

[7]  Haibo Chen,et al.  CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization , 2011, SOSP.

[8]  Sascha Wessel,et al.  SEVered: Subverting AMD's Virtual Machine Encryption , 2018, EuroSec@EuroSys.

[9]  B LeeRuby,et al.  Architectural support for hypervisor-secure virtualization , 2012 .

[10]  Hao Chen,et al.  Matryoshka: Fuzzing Deeply Nested Branches , 2019, CCS.

[11]  Thomas Eisenbarth,et al.  SEVurity: No Security Without Integrity : Breaking Integrity-Free Memory Encryption with Minimal Assumptions , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[12]  Clemens Kolbitsch,et al.  Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment , 2007 .

[13]  Mengyuan Li,et al.  Exploiting Unprotected I/O Operations in AMD's Secure Encrypted Virtualization , 2019, USENIX Security Symposium.

[14]  George Candea,et al.  Testing Closed-Source Binary Device Drivers with DDT , 2010, USENIX Annual Technical Conference.

[15]  Manuel Huber,et al.  Extracting Secrets from Encrypted Virtual Machines , 2019, CODASPY.

[16]  Suman Jana,et al.  Fine Grained Dataflow Tracking with Proximal Gradients , 2019, ArXiv.

[17]  Manos Antonakakis,et al.  The SEVerESt Of Them All: Inference Attacks Against Secure Virtual Enclaves , 2019, AsiaCCS.

[18]  Mathias Payer,et al.  USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation , 2020, USENIX Security Symposium.

[19]  Jean-Pierre Seifert,et al.  PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary , 2019, NDSS.

[20]  Mathias Morbitzer,et al.  Exploiting Interfaces of Secure Encrypted Virtual Machines , 2020, ArXiv.

[21]  Brent Byunghoon Kang,et al.  Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints , 2020, USENIX Security Symposium.

[22]  Herman Arnold Engelbrecht,et al.  Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation , 2014, WOOT.

[23]  Asim Kadav,et al.  SymDrive: Testing Drivers without Devices , 2012, OSDI.

[24]  Robert Buhren,et al.  Security Analysis of Encrypted Virtual Machines , 2016, VEE.

[25]  Lorenzo Cavallaro,et al.  POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection , 2017, WOOT.

[26]  Mengyuan Li,et al.  CROSSLINE: Breaking "Security-by-Crash" based Memory Isolation in AMD SEV , 2020, ArXiv.

[27]  George Candea,et al.  The S2E Platform: Design, Implementation, and Applications , 2012, TOCS.

[28]  Samuel T. King,et al.  ReVirt: enabling intrusion analysis through virtual-machine logging and replay , 2002, OPSR.

[29]  Shi-Min Hu,et al.  Static Detection of Unsafe DMA Accesses in Device Drivers , 2021, USENIX Security Symposium.

[30]  Thorsten Holz,et al.  REDQUEEN: Fuzzing with Input-to-State Correspondence , 2019, NDSS.

[31]  Jean-Pierre Seifert,et al.  Insecure Until Proven Updated: Analyzing AMD SEV's Remote Attestation , 2019, CCS.

[32]  Taesoo Kim,et al.  Fuzzing File Systems via Two-Dimensional Input Space Exploration , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[33]  Jaehyuk Huh,et al.  Architectural support for secure virtualization under a vulnerable hypervisor , 2011, 2011 44th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[34]  Kristie B. Hadden,et al.  2020 , 2020, Journal of Surgical Orthopaedic Advances.

[35]  Jesse Fang,et al.  Secure Encrypted Virtualization is Unsecure , 2017, ArXiv.