Cite this article
  • Chen Jingqi, Zhang Weijuan, Zhou Qihang, Wei Qiushi, Huang Qingjia, Jia Xiaoqi, Tang Jing. ExHyper: A Modularly Configurable SEV Extension [J]. Journal of Cyber Security, accepted.


ExHyper: A Modularly Configurable SEV Extension
Chen Jingqi, Zhang Weijuan, Zhou Qihang, Wei Qiushi, Huang Qingjia, Jia Xiaoqi, Tang Jing
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
With the development and spread of cloud computing, the confidentiality of cloud tenant data is receiving more and more attention. Hardware-based memory encryption is one of the important means of providing strong guarantees for data security. AMD's Secure Encrypted Virtualization (SEV) trusted execution environment solution encrypts the memory of cloud tenants' virtual machines in hardware and can selectively encrypt regions of a tenant VM's memory at fine granularity, for example by setting the C-bit in page table entries (PTEs). Using AMD SEV can defend against insiders at the cloud service provider who intend to snoop on tenant data, as well as against a compromised, malicious host system, and is therefore an important means of guaranteeing the confidentiality of cloud tenant data. However, AMD SEV treats all software outside the hardware as untrusted, including the host system and the hypervisor, and attempts to keep the hypervisor out of the secure enclave, which runs counter to the hypervisor's design purpose of managing and handling virtual machines and their execution. Moreover, compared with the frequent emergence of attacks, SEV hardware updates are costly and have long cycles, so version updates lag relatively behind, and SEV users cannot respond to newly emerging security threats in a timely and effective way. To address these problems, this paper proposes ExHyper, a software-based, modularly configurable SEV extension that responds flexibly and quickly to security threats against AMD SEV. ExHyper uses a nested kernel architecture to protect itself as a software trusted computing base and provides users with interfaces to flexibly store sensitive code modules (PALs). When facing new threats, ExHyper can relatively quickly extend PAL modules as new security protection schemes, and it isolates and protects the sensitive PAL code modules from damage by a malicious host system. ExHyper uses a Core Root of Trust for Measurement (CRTM) to provide its own security attestation and flexibly extends the chain of trust to the PALs.
Keywords: AMD SEV; virtual machine protection; trusted execution environment
DOI: 10.19363/J.cnki.cn10-1380/tn.2025.04.15
Received: 2024-01-10; Revised: 2024-03-11
Funding: Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences; Beijing Key Laboratory of Network Security and Protection Technology; National Key R&D Program of China (Project No. 2021YFB2910109); National Natural Science Foundation of China (Grant No. 62202465)
ExHyper: A Modularly Configurable SEV Extension
Chen Jingqi, Zhang Weijuan, Zhou Qihang, Wei Qiushi, Huang Qingjia, Jia Xiaoqi, Tang Jing
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
With the development and popularization of cloud computing, the confidentiality of cloud tenant data has been increasingly emphasized. Hardware-based memory encryption technology is one of the powerful means to ensure data security. AMD has proposed the Secure Encrypted Virtualization (SEV) trusted execution environment solution, which encrypts the memory of cloud tenant virtual machines in hardware and achieves selective encryption of memory regions of tenant virtual machines in a fine-grained manner, for example by setting the C-bit in page table entries (PTEs). Using AMD SEV can resist threats from cloud service providers' internal personnel or compromised, malicious host systems attempting to snoop on cloud tenant data, making it an important means of ensuring the confidentiality of cloud tenant data. However, AMD SEV regards all software outside the hardware, including the host system and the hypervisor, as untrusted, and attempts to isolate the hypervisor outside the secure enclave, which contradicts the original purpose of the hypervisor: to manage and handle virtual machines and their operations. Additionally, compared with the frequent occurrence of attacks, SEV hardware updates are costly and time-consuming, with relatively delayed version update cycles, making it difficult for SEV users to respond to newly emerging security threats in a timely and effective manner. In response to these issues, this paper proposes a software-based, modularly configurable SEV extension called ExHyper, which addresses security threats targeting AMD SEV flexibly and quickly. ExHyper uses a nested kernel architecture to protect itself as a software Trusted Computing Base (TCB) and provides users with interfaces to flexibly store sensitive code modules called PALs (Pieces of Application Logic). When faced with new threats, ExHyper can relatively quickly extend PAL modules as new security protection schemes, isolating and protecting the sensitive PAL code modules from attacks by a malicious host system. ExHyper uses a Core Root of Trust for Measurement (CRTM) to provide its own security attestation and flexibly extends the chain of trust to the PALs.
Keywords: AMD SEV; Virtual Machine Protection; Trusted Execution Environment