Resources on confidential computing

Intel SGX | TDX

Official resources

• TDX https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html
• SGX https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html

Tools (SGX)

• Official
  • https://01.org/intel-softwareguard-extensions
  • https://github.com/intel/linux-sgx
  • https://github.com/intel/linux-sgx-driver

Research Papers

Design

• Intel SGX Explained

Attacks

• A Survey of Published Attacks on Intel SGX
• Security Vulnerabilities of SGX and Countermeasures: A Survey
• SmashEx: Smashing SGX Enclaves Using Exceptions
• SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control
• Faulty Point Unit: ABI Poisoning Attacks on Intel SGX
• The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX
• AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves
• Foreshadow
  • FORESHADOW: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
  • Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution
  • Breaking Virtual Memory Protection and the SGX Ecosystem with Foreshadow
• Software Grand Exposure: SGX Cache Attacks Are Practical
• ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture

AMD SEV, SEV-ES, SEV-SNP

Official resources

• https://developer.amd.com/sev/
• Linux kernel doc https://www.kernel.org/doc/html/latest/virt/kvm/amd-memory-encryption.html
• SEV API doc https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf
• SVSM Specification https://www.amd.com/system/files/TechDocs/58019_1.00.pdf

Tools

• https://github.com/AMDESE/AMDSEV
• Secure VM Service Module (SVSM)
  • https://github.com/AMDESE/linux-svsm
  • https://github.com/coconut-svsm/svsm

Research Papers

Design

• SEV-SNP White paper

2023

• ACSAC'23 Remote attestation of confidential VMs using ephemeral vTPMs
• Usenix ATC'23 Bifrost: Analysis and Optimization of Network I/O Tax in Confidential Virtual Machines

2022

• ACSAC'22 CoCoTPM: Trusted Platform Modules for Virtual Machines in Confidential Computing Environments

Attacks/Mitigations

2023

• DIMVA'23 PwrLeak: Exploiting Power Reporting Interface for Side-Channel Attacks on AMD SEV
• CODASPY'23 Protecting Encrypted Virtual Machines from Nested Page Fault Controlled Channel
• Usenix Sec'23 CipherH: Automated Detection of Ciphertext Side-channel Vulnerabilities in Cryptographic Implementations

2022

• IEEE S&P'22 A Systematic Look at Ciphertext Side Channels on AMD SEV-SNP
• Arxiv Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software

2021

• ACSAC'21 TLB Poisoning Attacks on AMD Secure Encrypted Virtualization
• CCS'21
  • CrossLine: Breaking “Security-by-Crash” based Memory Isolation in AMD SEV
  • One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization
• IEEE S&P'21 undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation
• Usenix Sec'21 CipherLeaks: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel

2020

• IEEE S&P'20 SEVurity: No Security Without Integrity : Breaking Integrity-Free Memory Encryption with Minimal Assumptions
• ROOTS'20 Exploiting Interfaces of Secure Encrypted Virtual Machines

2019

• AsiaCCS'19 The SEVerESt Of Them All: Inference Attacks Against Secure Virtual Enclaves
• CODASPY'19 Extracting Secrets from Encrypted Virtual Machines
• Usenix Sec'19 Exploiting Unprotected I/O Operations in AMD’s Secure Encrypted Virtualization

2018

• EuroSec'18 SEVered: Subverting AMD's Virtual Machine Encryption

2017

• VEE'17 Security Analysis of Encrypted Virtual Machines

IBM Power Protected Execution Facility (PEF)

Official resources

• PEF https://developer.ibm.com/articles/l-support-protected-computing/
• Linux kernel documentation https://www.kernel.org/doc/html/latest/powerpc/ultravisor.html

Research Papers

Design

• Confidential computing for OpenPOWER

Attacks

Keystone (RISC-V)

Official resources

• https://keystone-enclave.org/

Tools

• Official
  • https://github.com/keystone-enclave

Research Papers

Design

• Keystone: an open framework for architecting trusted execution environments

Attack