Researchers Bypass AMD’s SEV Virtual Machine Encryption


Encryption is the process of using an algorithm to transform information to make it unreadable for unauthorized users. This cryptographic method protects sensitive data such as credit card numbers by encoding and transforming information into unreadable cipher text. This encoded data may only be decrypted or made readable with a key. Symmetric-key and asymmetric-key are the two primary types of encryption.

Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany, have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD’s Secure Encrypted Virtualization (SEV), a security mechanism designed to encrypt the data of virtual machines running on servers with AMD CPUs.

The research team says their attack, which they named SEVered, is capable of recovering plaintext memory data from guest VMs running on the same server as the VM that’s under attack.

 


SEVered attack can recover data from encrypted VMs

“By repeatedly sending requests for the same resource to the service while re-mapping the identified memory pages, we extract all the VM’s memory in plaintext,” researchers said in their paper, entitled “SEVered: Subverting AMD’s Virtual Machine Encryption.”

The attack is successful because the VM stores some of its data in main memory (RAM), and “the page-wise encryption of main memory lacks integrity protection.” This allows an attacker to map out the entire memory and then request parts used by other nearby VMs, which the attacked guest VM shouldn’t be able to access at all, let alone in plaintext.
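The toy model below is an added illustration, not code from the paper or from this article, of why encrypting pages without protecting the page mapping is not enough, and how a mapping check stops the remap. The `Machine` class, the XOR stream standing in for the memory encryption, the `launch_map` check and the sample page contents are all assumptions of the example.

```python
import hashlib

PAGE = 16  # toy page size in bytes (real pages are 4 KiB)

def page_cipher(key: bytes, frame: int, data: bytes) -> bytes:
    """Toy per-frame cipher: XOR with a SHA-256 stream tied to the host frame."""
    stream = hashlib.sha256(key + frame.to_bytes(8, "big")).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))

class Machine:
    def __init__(self, vm_key: bytes, pages: dict, check_mapping: bool):
        self._key = vm_key                      # known to the memory controller only
        self.check_mapping = check_mapping
        self.npt = {gpn: gpn for gpn in pages}  # guest page -> host frame, hypervisor-controlled
        # Hypothetical integrity record of the launch-time mapping; in this
        # model it is assumed to be out of the hypervisor's reach.
        self.launch_map = dict(self.npt)
        self.ram = {f: page_cipher(vm_key, f, p.ljust(PAGE, b"\0"))
                    for f, p in pages.items()}  # the hypervisor sees only ciphertext

    def guest_read(self, gpn: int) -> bytes:
        frame = self.npt[gpn]
        if self.check_mapping and self.launch_map[gpn] != frame:
            raise PermissionError(f"guest page {gpn} remapped to frame {frame}")
        # Decryption is transparent for the guest, whatever frame is mapped.
        return page_cipher(self._key, frame, self.ram[frame]).rstrip(b"\0")

def serve_resource(m: Machine, resource_gpn: int) -> bytes:
    """In-guest service: answers a request with whatever its page holds."""
    return m.guest_read(resource_gpn)

def demo(check_mapping: bool):
    pages = {0: b"index.html", 1: b"guest secret"}  # constructed sample pages
    m = Machine(b"vm-key", pages, check_mapping)
    before = serve_resource(m, 0)
    m.npt[0] = 1  # the mapping is changed from outside the guest; no key is needed
    try:
        after = serve_resource(m, 0)
    except PermissionError:
        after = None  # the integrity check refused the remapped page
    return before, after

if __name__ == "__main__":
    print("encryption only:   ", demo(check_mapping=False))
    print("with mapping check:", demo(check_mapping=True))
```

Without the check, the same request returns the other page's plaintext even though the ciphertext in `ram` was never decrypted outside the guest; with it, the access faults instead.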

During tests of their attack, researchers said they were able to retrieve a test server’s entire 2GB memory, including data from a guest VM.

Researchers achieved the best results by bombarding Apache and nginx with repeated requests, retrieving memory data at a speed of 79.4 KB/sec, while an attack on OpenSSH was slower, retrieving data at only 41.6 KB/sec.

A severe limitation that reduces the attack’s feasibility is the fact that an attacker needs to modify a server’s hypervisor to carry out a SEVered attack, something that may be out of the reach of some intruders renting a guest VM if the server is kept up to date with security patches.

 


SEVered attack works even on VMs under a high load

The research team also added that their SEVered attack isn’t hindered by maxed-out servers, being able to retrieve memory data even when the targeted VM is under a high load.

The team’s work was showcased last month at the 11th European Workshop on Systems Security, held in Porto, Portugal.

For their test rig, researchers used an AMD Epyc 7251 processor, an AMD CPU meant for data centers, released in June 2017.

 
