USENIX'19 Paper

System

Attacks

• Monitoring nPT (nested page table) and gPT (guest page table)
• Page faults => a list of accessed pages => find the actual address of the target page
• Decryption oracle: move content of the ciphertext to the SWIOTLB
• Let it be decrypted

Technical Details

• Monitoring/MITM the DMA operations
• Pattern matching to find the accessed address in private memory
• IOremap to replace ciphertext
• QEMU notifies the VM about DMA write. Does it notify the device to read DMA?