Morphisms: Confidential Serverless Containers

Threat Model

External Threat

An external threat is an adversary with only remote access to a VM. Multiple VMs from different cloud customers run on the same physical machine, and not all cloud customers have benign intentions. In the past, adversaries have been able to escape a VM and gain the privileges of the hypervisor, which allows them to manage all VMs on the physical machine. Many cloud providers implement debugging features in the hypervisor, such as memory dumps; with hypervisor privileges, the attacker can therefore read the memory of every virtual machine simply by dumping it. Additionally, the adversary can mount a Denial-of-Service (DoS) attack by shutting down all VMs.

Internal Threat

The counterpart of the external threat is the internal threat. This type of adversary has physical access to all systems and hypervisors in the cloud, and thus has more capabilities than the external threat. Internal threats are employees of the cloud provider, such as an administrator, or the cloud provider itself. An internal threat is able to modify and control all privileged software running on a physical machine. This includes the hypervisor, the kernel, the boot firmware, the host operating system, and system management mode (SMM).

Furthermore, an internal threat is able to perform physical attacks, such as plugging in a peripheral device to carry out a PCI Express attack or sniffing the DRAM bus. In fact, the entire DRAM and the DRAM bus are considered untrusted and may be under the control of the adversary. Physical attacks on the CPU chip itself are excluded from the threat model and out of scope. We refer to the hypervisor and the kernel together as system software. System software provides address translation for confidential computing technologies and is therefore capable of performing a DoS attack, for example by supplying incorrect page table entries. An internal threat could also simply disconnect the system from its power source to perform a DoS attack.
