Cloud computing has become an essential part of our everyday lives, both personally and professionally. Whether it’s storing family photos, running a business or training cutting-edge AI models, we rely on remote servers to keep our data safe and secure and trust that it won’t be modified in any way.

Although storing information in the cloud exposes data to potential risks, hardware vendors like AMD mitigate these risks by collaborating with major cloud providers such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure, to provide hardware-level protection that is meant to keep data secure and confidential even if the cloud provider experiences a security breach.

However, a team of University of Toronto researchers led by David Lie, director of the Schwartz Reisman Institute (SRI) and Gururaj Saileshwar, assistant professor in the Department of Computer Science, and executed by Yuqin Yan, a student at the Department of Electrical & Computer Engineering (ECE), found a flaw in these systems. They discovered that the complex interactions between the software that the cloud providers run, and the hardware-level protection, leads to new security challenges and vulnerabilities.

“Unlike most security vulnerabilities that are found in either the hardware or the software, what sets this discovery apart is that it was found in the interplay between the software and AMD’s hardware” said Lie, who is cross-appointed to the Department of Computer Science. “In this case, it was found when the hypervisor and central processing unit (CPU) interacted.”

We can think of a hypervisor as the “virtual landlord” of AMD’s chips. It is software that “rents” out computing resources, such as memory, to the cloud customer “tenants” allowing various customer workloads to run securely, independently and confidentially on its CPU.

AMD’s confidential computing technology is designed to protect such tenants in the event that the landlord is controlled by a malicious entity; in other words, if it is hacked. It encrypts data in a way that depends on its location within memory, so if the same data is stored in two places, it is encrypted completely differently. That makes it difficult for the hypervisor to know anything about the data or track it across locations, increasing the security of the data.

“The system lets the hypervisor move data around to manage memory efficiently,” explained Lie. “So when data is relocated, AMD’s hardware decrypts it from the old location and re-encrypts it for the new location. But, what we found was that by doing this over and over again, a malicious hypervisor can learn recurring patterns from within the data, which could lead to privacy breaches.”

Vulnerabilities like this have the potential to affect people and organizations alike.

“These are the kinds of unexpected consequences that come from the complexity of modern systems,” said Saileshwar. “The attack we discovered, which we call Relocate-Vote, shows how that complexity, especially at the boundary between secure hardware and untrusted software, can lead to serious vulnerabilities.”

The majority of the research was performed by ECE student Yuqin Yan. It also included now-graduated ECE student Wei Huang, ECE and SRI Postdoctoral Fellow Ilya Grishchenko, and UBC faculty member Aastha Mehta.

“Our role in academia is to identify vulnerabilities in real systems,” said Saileshwar. “I am proud of the work our team did. We are pleased that Yuqin was able to present this paper at the USENIX Security Symposium in Seattle, Washington.”

Going forward, Saileshwar notes that the consequences of hardware security are only going to grow and affect more organizations over time.

“As we move more of our data to the cloud, hardware security is becoming more important than ever,” said Saileshwar. “Hardware is becoming more complex, it’s adding more features all the time, and we’re relying on its security features even more. We’re placing a lot of trust in hardware, making the research our team is doing at the University of Toronto into hardware security issues more impactful than ever.”

For more information about Relocate-Vote, please visit the project website.

Original story by Andrea Wiseman for the Schwartz Reisman Institute