Formal Security Analysis of the AMD SEV-SNP Software Interface

arXiv:2403.10296v1 Announce Type: new
Abstract: AMD Secure Encrypted Virtualization technologies enable confidential computing by protecting virtual machines from highly privileged software such as hypervisors. In this work, we develop the first, comprehensive symbolic model of the software interface of the latest SEV iteration called SEV Secure Nested Paging (SEV-SNP). Our model covers remote attestation, key derivation, page swap and live migration. We analyze the security of the software interface of SEV-SNP by verifying critical secrecy, authentication, attestation and freshness properties, …

amd amd sev analysis arxiv called computing confidential confidential computing cs.cr enable encrypted hypervisors interface latest machines nested privileged protecting security security analysis software technologies virtual virtualization virtual machines work