Black Hat Europe 2025 | Low-Cost Memory Interposer Attacks On Confidential Computing

Black Hat | Jun 19, 2026

Why It Matters

Weak memory‑encryption undermines the security guarantees of confidential computing, exposing cloud data to physical attacks and eroding customer trust in secure‑cloud offerings.

Key Takeaways

  • Confidential computing relies on processor isolation and memory encryption.
  • Industry memory encryption often lacks integrity and freshness guarantees.
  • AMD SEV prioritizes scalability over full cryptographic protection.
  • Researchers demonstrate low‑cost interposer attacks on encrypted memory.
  • Weak memory‑encryption designs expose cloud data to physical adversaries.

Summary

The Black Hat Europe 2025 talk examined the emerging threat landscape around memory encryption in confidential‑computing clouds. The presenters highlighted how processor‑level isolation and memory encryption together form the backbone of today’s confidential‑computing promises, yet the memory‑encryption layer often sacrifices integrity and replay‑protection for scalability.

Key insights included the exponential growth of privileged code in operating systems, the industry’s divergent approaches—Intel’s SGX, AMD’s SEV, Intel TDX, and ARM’s equivalents—and the trade‑offs each makes. While Intel’s early SGX offered confidentiality, integrity and freshness, later scalable versions dropped those guarantees; AMD’s SEV scales to terabytes but omits integrity and freshness, a pattern echoed across vendors.

The researchers cited real‑world deployments such as WhatsApp’s AI workloads in Azure confidential VMs, and then detailed a low‑cost interposer attack that exploits the missing integrity checks in current memory‑encryption designs. By reverse‑engineering SPD data and manipulating DRAM addressing, the attack can read or replay encrypted memory without breaking the processor’s enclave.

The implication is clear: cloud providers and hardware vendors must revisit memory‑encryption architectures to incorporate cryptographic integrity and freshness without sacrificing performance. Failure to do so leaves confidential‑computing workloads vulnerable to physical‑access adversaries, undermining the business case for secure cloud services.
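The missing-freshness gap described above, modelled as an added example (not code from the talk or from any vendor): a toy address-tweaked cipher stands in for the real memory-encryption engine, and the class names, key and sample values are constructed for illustration. The second class assumes version counters held in trusted on-chip state, which is a simplification of how real integrity-protected designs track freshness.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed value; real keys never leave the CPU

class ReplayDetected(Exception):
    pass

def _xcrypt(addr: int, data: bytes) -> bytes:
    # Toy address-tweaked cipher (max 32 bytes): the same (addr, plaintext)
    # always yields the same ciphertext, the property that matters here.
    pad = hashlib.sha256(KEY + addr.to_bytes(8, "little")).digest()
    return bytes(d ^ p for d, p in zip(data, pad))

class EncryptOnlyMemory:
    """Confidentiality only: no tag and no version counter."""
    def __init__(self):
        self.dram = {}  # untrusted: a physical adversary can read and rewrite it

    def write(self, addr, plaintext):
        self.dram[addr] = _xcrypt(addr, plaintext)

    def read(self, addr):
        return _xcrypt(addr, self.dram[addr])

class FreshMemory(EncryptOnlyMemory):
    """Adds a MAC over (addr, version, ciphertext) for integrity and freshness."""
    def __init__(self):
        super().__init__()
        self.versions = {}  # trusted on-chip state (assumption of this model)

    def _tag(self, addr, ct):
        ver = self.versions[addr].to_bytes(8, "little")
        return hmac.new(KEY, addr.to_bytes(8, "little") + ver + ct, hashlib.sha256).digest()

    def write(self, addr, plaintext):
        self.versions[addr] = self.versions.get(addr, 0) + 1
        ct = _xcrypt(addr, plaintext)
        self.dram[addr] = ct + self._tag(addr, ct)

    def read(self, addr):
        ct, tag = self.dram[addr][:-32], self.dram[addr][-32:]
        if not hmac.compare_digest(tag, self._tag(addr, ct)):
            raise ReplayDetected(hex(addr))
        return _xcrypt(addr, ct)

def stale_write_back(mem, addr=0x1000):
    mem.write(addr, b"counter=1")
    stale = mem.dram[addr]   # raw cell contents as seen outside the CPU
    mem.write(addr, b"counter=2")
    mem.dram[addr] = stale   # old contents restored behind the CPU's back
    return mem.read(addr)
```

With `EncryptOnlyMemory` the stale value decrypts cleanly and the CPU has no way to notice; with `FreshMemory` the same write-back fails the tag check because the on-chip version has moved on.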

Original Description

As cloud computing adoption grows, so do concerns about trust and data privacy. Confidential computing, powered by innovative hardware technologies like Intel SGX and AMD SEV, promises strong isolation and transparent memory encryption to protect against privileged attackers and physical threats such as bus snooping and cold boot attacks. In this talk we present a custom, low-cost (50 dollar) DDR4 interposer that dynamically manipulates memory address lines to create adversarial aliases, tricking the processor into granting unauthorized access to encrypted memory. Crucially, our interposer operates at runtime, allowing it to bypass recent boot-time firmware mitigations deployed by Intel and AMD in response to our earlier software-based "BadRAM" memory aliasing attacks.
Using our novel interposer, we undermine trust in both the Intel SGX and AMD SEV ecosystems. We demonstrate the first successful attack on Intel's Scalable SGX single-key memory domain, enabling arbitrary plaintext read/write access and extraction of SGX's platform provisioning key used for remote attestation. Additionally, we achieve full attestation bypasses on up-to-date AMD SEV-SNP systems despite the latest firmware defenses, allowing us to forge attestation reports and implant persistent backdoors in SEV-protected virtual machines.
In the broader context, our results challenge fundamental assumptions about encrypted memory security guarantees and expose critical flaws in the performance-security trade-offs of today's confidential cloud computing systems.
By:
Jesse De Meulemeester | PhD researcher, COSIC, KU Leuven
Jo Van Bulck | Prof., DistriNet, KU Leuven
David Oswald | Prof., Durham University
