Search papers, labs, and topics across Lattice.
This paper introduces a formal framework for the representation and verification of AMD's Secure Encrypted Virtualization (SEV) technology, addressing the lack of formal security assurances in current implementations. By applying design-level and property-level abstraction to the SEV specification, the authors conduct property checking to validate critical security attributes such as confidentiality, integrity, and availability. The findings establish a rigorous foundation for ensuring the security of virtual machine-based trusted execution environments in cloud computing contexts.
Formal verification reveals that AMD SEV can achieve robust security guarantees previously unassured in virtualized environments.
Trusted execution environments (TEEs) provide a secure environment for data and code in use, ensuring that they are protected with respect to confidentiality and integrity. Virtual machine (VM)-based TEEs utilize virtualization technology to create isolated execution spaces that can support a complete operating system or specific applications. AMD secure encrypted virtualization (SEV) is a key technology used in confidential computing in the cloud enabling hardware-based memory encryption to protect sensitive data within VMs. However, AMD SEV often operate without formal assurances of their security guarantees. Our research introduces a formal framework for representing and verifying AMD SEV confidential VMs. Specifically, we conduct design-level and property-level abstraction on AMD SEV specification and conduct property checking on the model to ensure confidentiality, integrity and availability. This approach provides a rigorous foundation for defining and verifying key security attributes for safeguarding execution environments.