"Compromising Confidential Computing One Bug at a Time.pdf" (93-page edition), shared on 三个皮匠报告.
#BHUSA BlackHatEvents

Compromising Confidential Compute: One bug at a time
Max, Microsoft Offensive Research & Security Engineering (MORSE) Team

Security review of Intel TDX
  Partnership between Microsoft and Intel
  4-month teamwork

Agenda
  1. The TDX Module: technical overview
  2. Research approach and first findings
  3. Vulnerability 1
  4. Vulnerability 2

A change in virtualization architecture
  Standard Architecture: the guests' memory and registers are visible to the hypervisor
    [diagram: Hypervisor; Guest1, Guest2; Cloud Provider; Cloud Customers; Attacker]
  TDX Architecture: the TDX Module is firmware that acts as a gatekeeper; memory is encrypted, registers are hidden
    [diagram: TDX; Hypervisor; Guest1, Guest2; Attacker]

The TDX Module
  Provides confidentiality and integrity guarantees to guests
  Available in future generation CPUs
  We're very interested in Confidential Computing in Azure
  Our goal: verify the security of the TDX module

Agenda
  1. The TDX Module: technical overview
  2. Research approach and first findings
  3. Vulnerability 1
  4. Vulnerability 2