#BHEU BlackHatEvents

AML Injection Attacks on Confidential VMs

Speaker(s): Satoru Takekoshi (1), Manami Mori (2), Takaaki Fukai (3), Takahiro Shinagawa (1)
(1) The University of Tokyo, (2) Tokyo Metropolitan University, (3) National Institute of Advanced Industrial Science and Technology

Information Classification: General

Outline
  Introduction to a Confidential VM (Virtual Machine)
  Overview of AML (ACPI Machine Language)
  Our Proposal: AML Injection Attack
  Case studies: Linux and Windows
  Mitigation Strategies
  Takeaways

Introduction to a Confidential VM

Virtual Machine (VM)
  Traditional Virtual Machine
  [Figure labels: Cloud user (upload), Sensitive Data, Cloud vendor (full access)]
  "Use the cloud. Trust us!"
  E.g., Amazon EC2 and Google GCP

Confidential VM (CVM)
  Confidential Virtual Machine
  [Figure labels: Cloud user (upload), Sensitive Data, Cloud vendor]
  "Keep my secret!"
  "No need to trust us!"

Encryption in CVM
  [Figure labels: CVM, Cloud user, Cloud vendor, User's Sensitive Data, CPU]

Attestation in CVM
  [Figure labels: CVM, Attestation, Cloud vendor, Cloud user, Guest OS, Firmware, CPU]
  "OS and firmware are legitimate!"

Threat Model in CVM
  [Figure labels: Cloud vendor, Cloud user, CPU, CVM, Untrusted, Trusted]

Commercialized CVM
  Cloud Vendors: Amazon EC2 instance with AMD SEV-SNP; GCP Confidential VM instances; Azure Confidential VMs
  CPU Vendors: AMD SEV-SNP; Intel TDX

Overview of AML

ACPI Machine Language (AML)
  ACPI = Advanced Configuration and Power Interface
  [Figure labels: Firmware, OS Kernel, AML