Using SEV-SNP Remote Attestation to Establish a TLS Connection

Supervisor(s): Mathias Morbitzer, Joana Pecholt
Status: in progress
Topic: Others
Author: Matthias Helmut Griebl
Submission: 2021-12-15
Type of Thesis: Bachelor's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

The rise of cloud service providers has enabled developers to get
their applications up and running quickly without setting up a
dedicated hosting infrastructure.
That said, running software in the cloud also places a lot of trust in
the hands of service providers.
With control of the execution environment, they can compromise the
integrity of the application and the privacy of its users.

To solve this problem, processor manufacturers have implemented ways
for an application to isolate itself from the host operating system,
thereby only requiring a user to trust the actual hardware used by the
provider.
The technology used by AMD is called Secure Encrypted Virtualization,
or SEV for short.
It allows virtual machines running on conventional hypervisors such as
KVM to keep their state encrypted and separated from the host system,
while still being able to use the abstractions that a virtual
machine brings with it.

SEV-SNP is the newest iteration of AMD's virtualization technology.
While its main aspect is stronger protection for a VM's memory
integrity, it also comes with a new strategy for remote attestation.
SEV-SNP allows the VM to request attestation reports with embedded data
directly, whereas older versions require extra support from the host
and a machine controlled by the guest owner.

This could in theory allow a guest to generate key material and link it
to an attestation report.
This key material can then be used to establish a secure channel with
the attestation report as a root of trust.
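
One way the link between key material and report described above can be checked, as an added example that is not part of the thesis description or its implementation. It assumes the guest embeds SHA-512(nonce || public key) in the report's 64-byte REPORT_DATA field; the verifier nonce, the function names and the sample bytes are assumptions, and the offsets follow the ATTESTATION_REPORT layout in AMD's SEV-SNP firmware ABI.

```python
import hashlib
import hmac

# Field offsets follow the ATTESTATION_REPORT layout in AMD's SEV-SNP firmware ABI.
REPORT_SIZE = 0x4A0          # total report length, signature included
REPORT_DATA_OFF = 0x50       # 64 bytes chosen by the guest
REPORT_DATA_LEN = 64
NONCE_LEN = 32               # assumption: verifier sends a fixed-size nonce


def report_data_for_key(public_key: bytes, nonce: bytes) -> bytes:
    """Value the guest asks the firmware to embed: SHA-512(nonce || key)."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly %d bytes" % NONCE_LEN)
    return hashlib.sha512(nonce + public_key).digest()


def constructed_report(report_data: bytes) -> bytes:
    """Constructed stand-in for a firmware report: zeroed except REPORT_DATA."""
    if len(report_data) != REPORT_DATA_LEN:
        raise ValueError("REPORT_DATA is 64 bytes")
    report = bytearray(REPORT_SIZE)
    report[REPORT_DATA_OFF:REPORT_DATA_OFF + REPORT_DATA_LEN] = report_data
    return bytes(report)


def key_bound_to_report(report: bytes, public_key: bytes, nonce: bytes) -> bool:
    """Verifier side: does the report commit to this key and this nonce?

    The report signature and certificate chain must already have been
    validated; that step is not shown here.
    """
    if len(report) != REPORT_SIZE:
        return False
    embedded = report[REPORT_DATA_OFF:REPORT_DATA_OFF + REPORT_DATA_LEN]
    expected = report_data_for_key(public_key, nonce)
    return hmac.compare_digest(embedded, expected)


if __name__ == "__main__":
    guest_key = b"constructed-guest-public-key"      # stand-in for an encoded key
    other_key = b"constructed-substituted-key"
    nonce = bytes(range(NONCE_LEN))                  # constructed verifier nonce
    report = constructed_report(report_data_for_key(guest_key, nonce))
    print("guest key accepted:", key_bound_to_report(report, guest_key, nonce))
    print("other key accepted:", key_bound_to_report(report, other_key, nonce))
    print("stale nonce accepted:", key_bound_to_report(report, guest_key, bytes(NONCE_LEN)))
```

A verifier that skips this comparison, or omits the nonce, would accept a valid report presented alongside a different key or replayed from an earlier session.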

The aim of this thesis is to check whether the new SEV-SNP attestation can
be used to establish a TLS 1.3 channel.
If yes, a protocol to combine attestation with the TLS handshake should
be designed and implemented.