uASC Keynote - Warp Speed Security: Integrity, Confidentiality, and the Microarchitecture in Between скачать в хорошем качестве

uASC Keynote - Warp Speed Security: Integrity, Confidentiality, and the Microarchitecture in Between

Speaker: Michael Schwarz (CISPA Helmholtz Center for Information Security) Abstract: Confidential virtual machines promise a clean contract: strong isolation, integrity, and confidentiality, even against a malicious hypervisor. AMD SEV-SNP is a flagship example of this vision, aiming to deliver these guarantees without sacrificing cloud realities such as simultaneous multithreading (SMT). This keynote revisits AMD SEV-SNP through the lens of its microarchitectural attack surface. We begin with CacheWarp, which showed how cache-management mechanisms can be repurposed into precise, software-only fault attacks that violate SEV-SNP's integrity guarantees, and then highlight a recent architectural issue demonstrating that even the CPU frontend is part of the attack surface, where undocumented behavior allows a sibling hyperthread to deterministically influence guest state on fully patched Zen CPUs. Together, these examples show how easily integrity can be overlooked, despite being essential for confidentiality. Broadening the view, we draw on insights from SNPeek to show that even when integrity holds, microarchitectural side channels remain powerful enough to systematically measure and exploit information leakage in real-world workloads running inside confidential VMs. Overall, the talk argues that performance optimizations repeatedly cross abstraction boundaries, reintroducing shared state and visibility that threat models quietly exclude, and does so in a way that is concrete, occasionally uncomfortable, and hopefully entertaining. Bio: Michael Schwarz is a tenured faculty at the CISPA Helmholtz Center for Information Security. He was part of the discovery of multiple seminal CPU vulnerabilities, including Meltdown, Spectre, LVI, PLATYPUS, ZombieLoad, ÆPIC Leak, CacheWarp, Collide+Power, and GhostWrite. He was also instrumental in the KAISER patch, which forms the basis for Meltdown countermeasures (KPTI) in modern operating systems.