This past week, we introduced a new attack primitive on confidential computing systems at the USENIX Security 2025 conference. Our work was also highlighted by AMD in their recent security advisory. The vulnerability we doscpvered enables an attacker to leak sensitive from VMs despite hardware-level security and encryption provided by AMD’s SEV-SNP processor extensions. Our findings are that such issues arise from complex interactions between cloud hypervisor resource management functions, and the encryption modes used to protect memory. This vulnerability affects confidential computing services provided by all major cloud providers including GCP, AWS and Azure. Our hope is that our research can inform both hardware manufacturers and cloud providers on how to better secure data in the cloud. You can read more about it here: https://relocatevote.org/
Yuqin Yan, the lead student behind the work gave an amazing presentation at the conference. Congratulations to everyone, including Wei Huang, Ilya Grischenko, Gururaj and Aastha as well for this great work!
Read more:
