STUDY SPACE
HECKLER: Breaking Confidential VMs with Malicious Interrupts

HECKLER: Breaking Confidential VMs with Malicious Interrupts

4 Apr 2024 | Benedict Schlüter, Supraja Sridhara, Mark Kuhne, Andrin Bertschi, Shweta Shinde
**heckler: Breaking Confidential VMs with Malicious Interrupts** **Authors:** Benedict Schlüter, Supraja Sridhara, Mark Kuhne, Andrin Bertschi, Shweta Shinde **Abstract:** Hardware-based Trusted Execution Environments (TEEs) provide confidentiality and integrity for virtual machines (VMs) hosting security-sensitive code and data. AMD SEV-SNP and Intel TDX enable confidential VMs (CVMs) and are widely used on popular cloud platforms. The untrusted hypervisor controls resource management and configuration tasks, including interrupts. HECKLER is a new attack where the hypervisor injects malicious non-timer interrupts to compromise the confidentiality and integrity of CVMs. By using interrupt handlers with global effects, the hypervisor can manipulate CVM register states to change data and control flow. On AMD SEV-SNP and Intel TDX, HECKLER is demonstrated to bypass authentication in OpenSSH and sudo, and to alter the results of statistical and text analysis in C, Java, and Julia applications. The paper identifies gaps in current defenses and outlines guidelines for future defenses. **Introduction:** Hardware-based TEEs provide isolation and security for CVMs, but the untrusted hypervisor still manages resource allocation and virtualization. This paper introduces HECKLER, an attack that leverages the hypervisor's ability to inject controlled interrupts into CVMs. By injecting interrupts, the hypervisor can manipulate the CVM's register states and global state, affecting subsequent execution. HECKLER is part of a broader class of attacks called Ahoi, where the attacker sends malicious notifications to the victim running in a TEE. **Key Findings:** - **Interrupt Injection:** Both AMD SEV-SNP and Intel TDX forward interrupts to CVMs, allowing the hypervisor to inject int 0x80 on cores executing CVMs. This injection can alter system calls and affect application behavior. - **Gadgets and Chaining:** The paper identifies crucial gadgets in common services and workloads, such as OpenSSH and sudo, and demonstrates how to chain these gadgets using custom orchestration techniques. - **Proof-of-Concept Exploits:** HECKLER exploits are shown to bypass authentication in OpenSSH and sudo, and to alter statistical and text analysis results in C, Java, and Julia applications. **Contributions:** - **New Attack:** Introduces HECKLER, a novel attack where the hypervisor injects malicious interrupts to manipulate CVMs. - **Gadgets and Chaining:** Identifies and chains explicit effect handlers to alter application behavior. - **Proof-of-Concept Exploits:** Demonstrates the effectiveness of HECKLER in bypassing security measures and altering application outputs. **Disclosure:** The authors informed Intel and AMD about the int 0x80 vulnerability and provided patches for AMD SEV-SNP and TDX**heckler: Breaking Confidential VMs with Malicious Interrupts** **Authors:** Benedict Schlüter, Supraja Sridhara, Mark Kuhne, Andrin Bertschi, Shweta Shinde **Abstract:** Hardware-based Trusted Execution Environments (TEEs) provide confidentiality and integrity for virtual machines (VMs) hosting security-sensitive code and data. AMD SEV-SNP and Intel TDX enable confidential VMs (CVMs) and are widely used on popular cloud platforms. The untrusted hypervisor controls resource management and configuration tasks, including interrupts. HECKLER is a new attack where the hypervisor injects malicious non-timer interrupts to compromise the confidentiality and integrity of CVMs. By using interrupt handlers with global effects, the hypervisor can manipulate CVM register states to change data and control flow. On AMD SEV-SNP and Intel TDX, HECKLER is demonstrated to bypass authentication in OpenSSH and sudo, and to alter the results of statistical and text analysis in C, Java, and Julia applications. The paper identifies gaps in current defenses and outlines guidelines for future defenses. **Introduction:** Hardware-based TEEs provide isolation and security for CVMs, but the untrusted hypervisor still manages resource allocation and virtualization. This paper introduces HECKLER, an attack that leverages the hypervisor's ability to inject controlled interrupts into CVMs. By injecting interrupts, the hypervisor can manipulate the CVM's register states and global state, affecting subsequent execution. HECKLER is part of a broader class of attacks called Ahoi, where the attacker sends malicious notifications to the victim running in a TEE. **Key Findings:** - **Interrupt Injection:** Both AMD SEV-SNP and Intel TDX forward interrupts to CVMs, allowing the hypervisor to inject int 0x80 on cores executing CVMs. This injection can alter system calls and affect application behavior. - **Gadgets and Chaining:** The paper identifies crucial gadgets in common services and workloads, such as OpenSSH and sudo, and demonstrates how to chain these gadgets using custom orchestration techniques. - **Proof-of-Concept Exploits:** HECKLER exploits are shown to bypass authentication in OpenSSH and sudo, and to alter statistical and text analysis results in C, Java, and Julia applications. **Contributions:** - **New Attack:** Introduces HECKLER, a novel attack where the hypervisor injects malicious interrupts to manipulate CVMs. - **Gadgets and Chaining:** Identifies and chains explicit effect handlers to alter application behavior. - **Proof-of-Concept Exploits:** Demonstrates the effectiveness of HECKLER in bypassing security measures and altering application outputs. **Disclosure:** The authors informed Intel and AMD about the int 0x80 vulnerability and provided patches for AMD SEV-SNP and TDX
Terms of Service
Privacy Policy
Reach us at info@study.space
[slides and audio] Heckler%3A Breaking Confidential VMs with Malicious Interrupts