������Ƶ

Cloud computing has become an essential part of our everyday lives, both personally and professionally. Whether it’s storing family photos, running a business or training cutting-edge AI models, we rely on remote servers to keep our data safe and secure and trust that it won’t be modified in any way.

Although storing information in the cloud exposes data to potential risks, hardware vendors like AMD mitigate these risks by collaborating with major cloud providers such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure, to provide hardware-level protection that is meant to keep data secure and confidential even if the cloud provider experiences a security breach.

However, a team of University of Toronto researchers led by , director of the Schwartz Reisman Institute (SRI) and , assistant professor in the ������Ƶ of Computer Science, and executed by , a student at the ������Ƶ of Electrical & Computer Engineering (ECE), found a flaw in these systems. They discovered that the complex interactions between the software that the cloud providers run, and the hardware-level protection, leads to new security challenges and vulnerabilities.

“Unlike most security vulnerabilities that are found in either the hardware or the software, what sets this discovery apart is that it was found in the interplay between the software and AMD’s hardware” said Lie, who is cross-appointed to the ������Ƶ of Computer Science. “In this case, it was found when the hypervisor and central processing unit (CPU) interacted.”

We can think of a hypervisor as the “virtual landlord” of AMD’s chips. It is software that “rents” out computing resources, such as memory, to the cloud customer “tenants” allowing various customer workloads to run securely, independently and confidentially on its CPU.

AMD’s confidential computing technology is designed to protect such tenants in the event that the landlord is controlled by a malicious entity; in other words, if it is hacked. It encrypts data in a way that depends on its location within memory, so if the same data is stored in two places, it is encrypted completely differently. That makes it difficult for the hypervisor to know anything about the data or track it across locations, increasing the security of the data.

“The system lets the hypervisor move data around to manage memory efficiently,” explained Lie. “So when data is relocated, AMD’s hardware decrypts it from the old location and re-encrypts it for the new location. But, what we found was that by doing this over and over again, a can learn recurring patterns from within the data, which could lead to privacy breaches.”

Vulnerabilities like this have the potential to affect people and organizations alike.

“These are the kinds of unexpected consequences that come from the complexity of modern systems,” said Saileshwar. “The attack we discovered, which we call Relocate-Vote, shows how that complexity, especially at the boundary between secure hardware and untrusted software, can lead to serious vulnerabilities.”

The majority of the research was performed by ECE student Yuqin Yan. It also included now-graduated ECE student , ECE and SRI Postdoctoral Fellow , and UBC faculty member .

“Our role in academia is to identify vulnerabilities in real systems,” said Saileshwar. “I am proud of the work our team did. We are pleased that Yuqin was able to present this paper at the in Seattle, Washington.”

Going forward, Saileshwar notes that the consequences of hardware security are only going to grow and affect more organizations over time.

“As we move more of our data to the cloud, hardware security is becoming more important than ever,” said Saileshwar. “Hardware is becoming more complex, it’s adding more features all the time, and we’re relying on its security features even more. We’re placing a lot of trust in hardware, making the research our team is doing at the University of Toronto into hardware security issues more impactful than ever.”

For more information about Relocate-Vote, please visit the .

by Andrea Wiseman for the Schwartz Reisman Institute