CounterSEVeillance: Performance-Counter Attacks on AMD SEV-SNP
Stefan Gast
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Trusted Hardware and Execution
In the rapidly evolving landscape of confidential computing, **Confidential Virtual Machines (CVMs)** represent a significant stride towards protecting data in use. This talk, "CounterSEVeillance: Performance-Counter Attacks on AMD SEV-SNP," presented by Stefan Gast at the NDSS Symposium, uncovers a critical vulnerability in AMD's **Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP)** technology. The research demonstrates how malicious hypervisors can leverage **Hardware Performance Counters (HPCs)** in conjunction with a novel single-stepping technique to extract sensitive information, including cryptographic keys, from CVMs.
AI review
Gast and co-authors land a clean, novel attack on AMD SEV-SNP that combines hardware-timer-based single-stepping with HPC leakage to reconstruct guest control flow from an untrusted hypervisor — no debug registers, no memory access required. The 100% key recovery against RSA square-and-multiply and TOTP validation, plus the extension to HQC post-quantum schemes, demonstrates that the threat model for general-purpose CVMs is fundamentally broken, not just edge-case fragile. This is exactly the kind of work that makes a hardware vendor sweat and forces the confidential computing field to…