SEVGuard: Protecting User Mode Applications using Secure Encrypted Virtualization

Conference contribution
(Conference paper)


Publication details

Authors: Palutke R, Neubaum A, Götzfried J
Publisher: Springer
Place of publication: New York City, United States of America
Year of publication: 2019
Proceedings: SecureComm 2019 Proceedings
Language: English


Abstract

We present SEVGuard, a minimal virtual execution environment that protects the confidentiality of applications based on AMD's Secure Encrypted Virtualization (SEV). Although SEV was primarily designed for the protection of VMs, we found a way to overcome this limitation and exclusively protect user mode applications. Therefore, we migrate the application into a hardware-accelerated VM and encrypt both its memory and register state. To avoid the overhead of a typical hypervisor, we built our solution on top of the plain Linux Kernel Virtual Machine (KVM) API. With the help of an advanced trapping mechanism, we fully support system and library calls from within the encrypted guest. Furthermore, we allow unmodified code to be transparently virtualized and encrypted by appropriate memory mappings. The memory needed for our minimal VM can be directly allocated within SEVGuard's address space. We evaluated our execution environment regarding correctness and performance, confirming that SEVGuard can be practically used to protect existing legacy applications.


FAU authors / FAU editors

Götzfried, Johannes
Sonderforschungsbereich/Transregio 89 Invasives Rechnen
Neubaum, Andreas
Lehrstuhl für Informatik 11 (Software-Engineering)
Palutke, Ralph
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)


How to cite

APA:
Palutke, R., Neubaum, A., & Götzfried, J. (2019). SEVGuard: Protecting User Mode Applications using Secure Encrypted Virtualization. In SecureComm 2019 Proceedings. Orlando, US: New York City, United States of America: Springer.

MLA:
Palutke, Ralph, Andreas Neubaum, and Johannes Götzfried. "SEVGuard: Protecting User Mode Applications using Secure Encrypted Virtualization." Proceedings of the SecureComm, Orlando New York City, United States of America: Springer, 2019.

Last updated 2019-31-07 at 10:17