NDSS 2025 – CounterSEVeillance: Performance-Counter Attacks On AMD SEV-SNP
None
<p>Session 7B: Trusted Hardware and Execution</p><p></p><center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/TYBhhkOaEQ4?si=BjQE_KGgTtFEKv81" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe> <p></p><center data-preserve-html-node="true">Authors, Creators & Presenters: Stefan Gast (Graz University of Technology), Hannes Weissteiner (Graz University of Technology), Robin Leander Schröder (Fraunhofer SIT, Darmstadt, Germany and<br> Fraunhofer Austria, Vienna, Austria), Daniel Gruss (Graz University of Technology) | <p></p><center data-preserve-html-node="true">PAPER<br> <center data-preserve-html-node="true">CounterSEVeillance: Performance-Counter Attacks On AMD SEV-SNP <p></p><center data-preserve-html-node="true">Confidential virtual machines (VMs) promise higher security by running the VM inside a trusted execution environment (TEE). Recent AMD server processors support confidential VMs with the SEV-SNP processor extension. SEV-SNP provides guarantees for integrity and confidentiality for confidential VMs despite running them in a shared hosting environment. In this paper, we introduce CounterSEVeillance, a new side-channel attack leaking secret-dependent control flow and operand properties from performance counter data. Our attack is the first to exploit performance counter side-channel leakage with single-instruction resolution from SEV-SNP VMs and works on fully patched systems. We systematically analyze performance counter events in SEV-SNP VMs and find that 228 are exposed to a potentially malicious hypervisor. CounterSEVeillance builds on this analysis and records performance counter traces with an instruction-level resolution by single-stepping the victim VM using APIC interrupts in combination with page faults. We match CounterSEVeillance traces against binaries, precisely recovering the outcome of any secret-dependent conditional branch and inferring operand properties. We present four attack case studies, in which we exemplarily showcase concrete exploitable leakage with 6 of the exposed performance counters. First, we use CounterSEVeillance to extract a full RSA-4096 key from a single Mbed TLS signature process in less than 8 minutes. Second, we present the first side-channel attack on TOTP verification running in an AMD SEV-SNP VM, recovering a 6-digit TOTP with only 31.1 guesses on average. Third, we show that CounterSEVeillance can leak the secret key from which the TOTPs are derived from the underlying base32 decoder. Fourth and finally, we show that CounterSEVeillance can also be used to construct a plaintext-checking oracle in a divide-and-surrender-style attack. We conclude that moving an entire VM into a setting with a privileged adversary increases the attack surface, given the vast amounts of code not vetted for this specific security setting. <hr> <p></p><center data-preserve-html-node="true">ABOUT NDSS<br> <center data-preserve-html-node="true">The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies. <hr> <p>Our thanks to the <a href="https://www.ndss-symposium.org/">Network and Distributed System Security (NDSS) Symposium</a> for publishing their Creators, Authors and Presenter’s superb <a href="https://www.youtube.com/@NDSSSymposium">NDSS Symposium 2025 Conference</a> content on the <a href="https://www.ndss-symposium.org/">Organizations’</a> <a href="https://youtube.com/@ndsssymposium?si=lLtn9sVVEwmZ8J9h3">YouTube Channel</a>. </p> <p></p></center></center></center></center></center></center></center><p><a href="https://www.infosecurity.us/blog/2025/12/27/ndss-2025-counterseveillance-performance-counter-attacks-on-amd-sev-snp">Permalink</a></p><p> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/12/ndss-2025-counterseveillance-performance-counter-attacks-on-amd-sev-snp/" data-a2a-title="NDSS 2025 – CounterSEVeillance: Performance-Counter Attacks On AMD SEV-SNP"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fndss-2025-counterseveillance-performance-counter-attacks-on-amd-sev-snp%2F&linkname=NDSS%202025%20%E2%80%93%20CounterSEVeillance%3A%20Performance-Counter%20Attacks%20On%20AMD%20SEV-SNP" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fndss-2025-counterseveillance-performance-counter-attacks-on-amd-sev-snp%2F&linkname=NDSS%202025%20%E2%80%93%20CounterSEVeillance%3A%20Performance-Counter%20Attacks%20On%20AMD%20SEV-SNP" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fndss-2025-counterseveillance-performance-counter-attacks-on-amd-sev-snp%2F&linkname=NDSS%202025%20%E2%80%93%20CounterSEVeillance%3A%20Performance-Counter%20Attacks%20On%20AMD%20SEV-SNP" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fndss-2025-counterseveillance-performance-counter-attacks-on-amd-sev-snp%2F&linkname=NDSS%202025%20%E2%80%93%20CounterSEVeillance%3A%20Performance-Counter%20Attacks%20On%20AMD%20SEV-SNP" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fndss-2025-counterseveillance-performance-counter-attacks-on-amd-sev-snp%2F&linkname=NDSS%202025%20%E2%80%93%20CounterSEVeillance%3A%20Performance-Counter%20Attacks%20On%20AMD%20SEV-SNP" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/TYBhhkOaEQ4?si=BjQE_KGgTtFEKv81">https://www.youtube-nocookie.com/embed/TYBhhkOaEQ4?si=BjQE_KGgTtFEKv81</a> </p>