Description
When running a virtual machine in a trusted execution environment such as AMD SEV-SNP or Intel TDX, the VM's memory and CPU state are protected from the hypervisor and other VMs. However, this model still places the hypervisor in full control of all virtualized devices. This allows the host operating system to exploit vulnerabilities in the driver layer of the guest OS, which is usually not built with malicious hardware in mind. Previous research shows that such vulnerabilities already exist. Hardening the existing drivers would require extensive effort with little to no gain in traditional environments. In order to still use existing, non-specialized operating systems like Linux in a confidential VM, another solution must be found. In this thesis, we propose an intercept mechanism for communication between the hypervisor and an AMD SEV-SNP virtual machine. We start by examining methods of intercepting I/O operations between the virtual machine and the hypervisor. We then devise an end-to-end strategy to route requests and responses through an intermediary component, which can screen the forwarded data for malicious patterns. To ensure minimal modifications to the host and guest kernels, we integrate this component into an SVSM, which is expected to be widely supported in SEV-SNP deployments on popular hypervisors. We then evaluate the effectiveness of our approach in preventing a previously discovered attack vector in the Linux driver stack. We show that the I/O sanitizer can successfully intercept attacks on the device drivers of a guest OS running in an SEV-SNP VM. This makes the I/O sanitizer a viable alternative to driver hardening, while at the same time not impacting device drivers running in non-confidential VMs and bare-metal environments.