A team of researchers from the Indian Institute of Technology Kharagpur and Intel Corporation has uncovered a significant vulnerability in Intel’s Trust Domain Extensions (TDX) technology, potentially compromising the security of sensitive data in cloud computing environments.

Intel TDX, introduced as an advancement over the previous Software Guard Extensions (SGX), aims to provide hardware-isolated virtual machines called Trust Domains (TDs) to enhance security in virtualized environments.

However, the study reveals that TDX’s core isolation guarantees can be breached, allowing the Virtual Machine Manager (VMM) to gain unauthorized insights into TD activities.

The vulnerability stems from a flaw in TDX’s Performance Monitoring Counter (PMC) virtualization.

Isolation Breach between TD and (Source – ePrint)

Researchers demonstrated that when a VMM process and a TD share the same processor core, resource contention occurs, making the TD’s computational patterns observable through PMC data collected by the VMM.


Intel Trust Domain Extensions Isolation Vulnerability

Using widely available performance monitoring tools like perf, attackers can gather low-level data such as CPU cycles, cache misses, and branch instructions.

This information can be exploited to fingerprint processes within a TD or even infer sensitive details like machine learning model classifications.

In one experiment, researchers successfully distinguished between idle and active states of a TD by analyzing performance metrics.

More alarmingly, they demonstrated the ability to differentiate between various benchmarks running inside a TD, including dhry2reg, whetstonedouble, and syscall, among others.

The study also revealed a concerning “class leakage attack” possibility. By monitoring branch misses and L1 data cache load misses, attackers could potentially infer the specific image classes being processed by machine learning models within a TD. For the CIFAR-10 dataset, 42 out of 45 class pairs were found to be distinguishable based on these metrics.

This discovery has significant implications for the confidentiality of data processed in TDX-protected environments. Intel has acknowledged the findings and is working on mitigations.

The company recommends installing TDX module version 1.5.06 or higher to reduce risks associated with some of the identified vulnerabilities. However, addressing all aspects of this isolation breach may require more comprehensive changes to the TDX architecture.
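The attack described above depends on two operational conditions the article names: a VMM process sharing a physical core with a TD vCPU, and a TDX module older than the recommended 1.5.06. The following is an added defender-side example, not code from the researchers, from Intel, or from the article: given a constructed description of a host's SMT sibling layout, the CPU affinity of each TD's vCPUs and of host processes, it reports every physical core on which a TD and a host process could contend, and it checks an installed TDX module version string against the recommended minimum. The hostnames, TD names, process names, affinity strings and sibling map are all constructed for the example; the version string is assumed to have been obtained separately from the platform.

```python
"""Defender-side checks motivated by the TDX PMC side channel (added example).

1. Flag any physical core (SMT siblings counted as one core) that a TD's vCPUs
   and a host/VMM process are both allowed to run on.
2. Check that the installed TDX module version meets the recommended minimum.
"""
from __future__ import annotations

import re

# Minimum TDX module version recommended in the article.
RECOMMENDED_TDX_MODULE = "1.5.06"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '1.5.06' (or 'v1.5.06') into (1, 5, 6); reject anything else."""
    version = version.strip().lstrip("vV")
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def tdx_module_meets_minimum(installed: str, minimum: str = RECOMMENDED_TDX_MODULE) -> bool:
    """True if the installed module is at or above the minimum (missing parts count as 0)."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def parse_cpu_list(spec: str) -> set[int]:
    """Parse a Linux-style CPU list such as '0-3,8,10-11' into logical CPU ids."""
    cpus: set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            cpus.update(range(int(lo), int(hi) + 1))
        else:
            cpus.add(int(part))
    return cpus


def find_core_sharing(
    td_vcpu_affinity: dict[str, str],
    host_affinity: dict[str, str],
    core_of_cpu: dict[int, int],
) -> list[tuple[str, str, int]]:
    """Return (td, host_process, core) triples where both may be scheduled on one core.

    core_of_cpu maps each logical CPU to its physical core id, so that SMT
    siblings (which share the core's PMCs and caches) are treated as one core.
    """
    conflicts: list[tuple[str, str, int]] = []
    for td, td_spec in td_vcpu_affinity.items():
        td_cores = {core_of_cpu[c] for c in parse_cpu_list(td_spec)}
        for proc, proc_spec in host_affinity.items():
            proc_cores = {core_of_cpu[c] for c in parse_cpu_list(proc_spec)}
            for core in sorted(td_cores & proc_cores):
                conflicts.append((td, proc, core))
    return conflicts


# Constructed sample host: 8 logical CPUs on 4 cores, Linux-style sibling layout
# (cpu N and cpu N+4 are SMT siblings on core N).
SAMPLE_CORE_OF_CPU = {0: 0, 4: 0, 1: 1, 5: 1, 2: 2, 6: 2, 3: 3, 7: 3}
SAMPLE_TD_AFFINITY = {"td-alpha": "2-3"}            # TD vCPUs pinned to cores 2 and 3
SAMPLE_HOST_BEFORE = {"perf": "0-7", "vmm-agent": "0,4"}  # perf allowed anywhere
SAMPLE_HOST_AFTER = {"perf": "0-1,4-5", "vmm-agent": "0,4"}  # host kept off TD cores


def sample_report() -> dict[str, object]:
    """Run both checks on the constructed sample and return the findings."""
    return {
        "conflicts_before": find_core_sharing(SAMPLE_TD_AFFINITY, SAMPLE_HOST_BEFORE, SAMPLE_CORE_OF_CPU),
        "conflicts_after": find_core_sharing(SAMPLE_TD_AFFINITY, SAMPLE_HOST_AFTER, SAMPLE_CORE_OF_CPU),
        "module_1_5_05_ok": tdx_module_meets_minimum("1.5.05"),
        "module_1_5_06_ok": tdx_module_meets_minimum("1.5.06"),
    }


if __name__ == "__main__":
    for key, value in sample_report().items():
        print(f"{key}: {value}")
```

On a real host the per-CPU core id comes from `/sys/devices/system/cpu/cpuN/topology/core_id`, and a process's allowed CPU list from its `Cpus_allowed_list` line in `/proc/PID/status`; feeding those into `find_core_sharing` in place of the constructed dictionaries gives a quick audit of whether host tooling such as `perf` can ever land on a core a TD is using. The version check is deliberately lenient about zero padding ("1.5.6" and "1.5.06" compare equal) so that differently formatted version strings from inventory tools do not produce false alarms.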

The research team emphasizes that while TDX represents a significant advancement in secure computing, no system is entirely impervious to all threats. They call for urgent enhancements to TDX’s protection mechanisms to bridge the security gaps exposed by their findings.