SNPeek: Side-Channel Analysis for Privacy Applications on Confidential VMs
Ruiyi Zhang
Network and Distributed System Security (NDSS) Symposium 2026 · Day 1 · Microarchitectural Security
Confidential Virtual Machines (CVMs) built on technologies like **AMD SEV-SNP** promise hardware-enforced isolation that keeps data encrypted even from the cloud provider and hypervisor. Organizations are increasingly deploying privacy-sensitive workloads inside CVMs as a cheaper alternative to cryptographic approaches like multi-party computation or fully homomorphic encryption. But this talk from **Google** and **CISPA** researchers demonstrates that side-channel attacks can systematically violate the privacy guarantees these applications rely on -- and the hardware vendors consider this out of scope.
AI review
Google and CISPA researchers demonstrate that side-channel attacks at four granularities can systematically violate the privacy guarantees of applications running on confidential VMs like AMD SEV-SNP, even when those applications correctly implement differential privacy. The Sybil-plus-side-channel combination is a clean, practical attack model with real-world impact against privacy-preserving systems in advertising and inference.