SEVGuard: Protecting User Mode Applications using Secure Encrypted Virtualization

Palutke R, Neubaum A, Götzfried J (2019)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2019

Publisher: Springer

City/Town: New York City, United States of America

Conference Proceedings Title: SecureComm 2019 Proceedings

Event location: Orlando US

DOI: 10.1007/978-3-030-37231-6_12

Abstract

We present SEVGuard, a minimal virtual execution environment that protects the confidentiality of applications based on AMD's Secure Encrypted Virtualization (SEV). Although SEV was primarily designed for the protection of VMs, we found a way to overcome this limitation and exclusively protect user mode applications. Therefore, we migrate the application into a hardware-accelerated VM and encrypt both its memory and register state. To avoid the overhead of a typical hypervisor, we built our solution on top of the plain Linux Kernel Virtual Machine (KVM) API. With the help of an advanced trapping mechanism, we fully support system and library calls from within the encrypted guest. Furthermore, we allow unmodified code to be transparently virtualized and encrypted by appropriate memory mappings. The memory needed for our minimal VM can be directly allocated within SEVGuard's address space. We evaluated our execution environment regarding correctness and performance, confirming that SEVGuard can be practically used to protect existing legacy applications.

How to cite

APA:

Palutke, R., Neubaum, A., & Götzfried, J. (2019). SEVGuard: Protecting User Mode Applications using Secure Encrypted Virtualization. In SecureComm 2019 Proceedings, Orlando, US. New York City, United States of America: Springer.

MLA:

Palutke, Ralph, Andreas Neubaum, and Johannes Götzfried. "SEVGuard: Protecting User Mode Applications using Secure Encrypted Virtualization." Proceedings of the SecureComm, Orlando. New York City, United States of America: Springer, 2019.
