Virtualization has become more important since cloud computing is getting more and more popular than before. There is an increasing demand for security among the cloud customers. AMD plans to provide Secure Encrypted Virtualization (SEV) technology in its latest processor EPYC to protect virtual machines by encrypting its memory but without integrity protection. In this paper, we analyzed the weakness in the SEV design due to lack of integrity protection thus it is not so secure. Using different design flaw in physical address-based tweak algorithm to protect against ciphertext block move attacks, we found a realistic attack against SEV which could obtain the root privilege of an encrypted virtual machine protected by SEV. A demo to simulate the attack against a virtual machine protected by SEV is done in a Ryzen machine which supports Secure Memory Encryption (SME) technology since SEV enabled machine is still not available in market.
@article{arxiv.1712.05090,
title = {Secure Encrypted Virtualization is Unsecure},
author = {Zhao-Hui Du and Zhiwei Ying and Zhenke Ma and Yufei Mai and Phoebe Wang and Jesse Liu and Jesse Fang},
journal= {arXiv preprint arXiv:1712.05090},
year = {2017}
}