Heckler: Breaking Confidential VMs with Malicious Interrupts

arXiv:2404.03387v1 Announce Type: new
Abstract: Hardware-based Trusted execution environments (TEEs) offer an isolation granularity of virtual machine abstraction. They provide confidential VMs (CVMs) that host security-sensitive code and data. AMD SEV-SNP and Intel TDX enable CVMs and are now available on popular cloud platforms. The untrusted hypervisor in these settings is in control of several resource management and configuration tasks, including interrupts. We present Heckler, a new attack wherein the hypervisor injects malicious non-timer interrupts to break the confidentiality and …

abstraction amd amd sev arxiv breaking cloud cloud platforms code confidential control cs.cr data enable environments hardware host hypervisor intel intel tdx isolation machine malicious offer platforms popular popular cloud platforms security sensitive settings untrusted virtual virtual machine vms