Researchers from IIT Kharagpur and Intel Corporation have identified a significant security vulnerability in Intel Trust Domain Extensions (TDX), a foundational technology designed to ensure robust isolation between virtual machines (VMs) in secure environments.
The study reveals that hardware performance counters (HPCs), meant for performance monitoring, can be exploited by Virtual Machine Managers (VMMs) to breach the isolation between Trust Domains (TDs) and the VMM itself.
This vulnerability undermines the core promise of TDX to provide a secure execution environment for sensitive workloads.
Isolation Breach Confirmed
TDX, an enhancement over Intel’s previous enclave-based technology (SGX), aims to ensure full isolation of a TD’s memory, computation, and CPU state from the VMM.
However, the findings reveal that when a TD and VMM share the same core, core resource contention occurs.
This contention manifests as observable variations in HPC metrics like branch misses, CPU cycles, and cache load misses, which are accessible to the VMM.
By leveraging this data, researchers demonstrated the ability to distinguish between idle and active TDs, fingerprint running processes, and even extract fine-grained details of machine learning inference tasks.
The researchers deployed two distinct workloads simple idle operations and computationally intensive tasks within a TD, collecting HPC data via the Linux perf tool.
The stark differences observed in the HPC metrics allowed clear differentiation between the two workloads, showcasing the inadequacy of TDX’s current protections.
Process Fingerprinting
Going beyond basic isolation breaches, the vulnerability facilitates sophisticated attacks, including:
1.Process Fingerprinting: Using HPC data, researchers successfully identified distinctive patterns of nine separate UnixBench workload processes running within a TD. A convolutional neural network (CNN) trained on this data achieved near-perfect classification accuracy, enabling precise identification of workloads.
2.Class Leakage Attacks on Machine Learning Models: By monitoring HPCs during inference operations of CNNs on CIFAR-10 and CIFAR-100 image datasets, the researchers differentiated between 42/45 class pairs for CIFAR-10 and 4,489/4,950 pairs for CIFAR-100. This capability exposes sensitive model outputs to a malicious VMM, posing a critical threat to privacy and confidentiality.
This research highlights the urgent need for Intel® to address vulnerabilities in TDX’s isolation guarantees.
Currently, even with memory encryption and restricted access controls, critical information about the TD’s internal operations can inadvertently leak through HPCs, enabling side-channel attacks under malicious VMM scenarios.
While the TDX module is a significant step forward compared to Intel SGX, this vulnerability emphasizes the need for further architectural safeguards to eliminate covert channels and prevent information leakage in virtualized environments.
Without enhanced measures, the efficacy of TDX as a trusted execution technology to secure sensitive workloads remains compromised.
Are you from SOC/DFIR Teams? - Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
.){kind=link}