Commit 07a9d89

Update README.md
1 parent 2c7c80e commit 07a9d89

File tree

1 file changed

+10
-3
lines changed
  • cczoo/penetration_testing/memory_attack/tdx

cczoo/penetration_testing/memory_attack/tdx/README.md

Lines changed: 10 additions & 3 deletions
@@ -1,12 +1,19 @@
11
# TDX Confidential Computing with Encrypted Memory protection for Application/Data in Runtime
22

33
This demo primarily shows the memory encryption protection provided by TDVM at runtime.
4-
Using the `virsh dump` tool, user can dump the runtime memory images of both TDVM and legacy VM.
5-
By scanning these dumped memory files, user can search the sensitive application data during execution.
4+
5+
In traditional virtual machines, memory dump attacks are a serious concern. A privileged user—such as a hypervisor, host administrator, or an attacker who has broken privilege control—can use tools like `virsh` or `gdb` to access the full memory of a virtual machine. Since legacy VM memory is stored in plaintext, sensitive data can be easily extracted from the dump.
6+
7+
For example, using the `virsh dump` tool, a user can dump the runtime memory images of a VM. By scanning these dumped memory files, user can search the sensitive application data during execution, such as keys, passwords, or proprietary model information.
8+
9+
In contrast, Intel TDX-based TDVMs use hardware-enforced memory encryption to prevent the host,the hypervisor or any privileged software from reading the VM user’s raw data even the underlying cloud environment is not fully trusted. The memory contents of a TDVM are encrypted and can only be decrypted by the TDVM itself, ensuring that sensitive data remains confidential even if the memory is dumped.
10+
11+
This demo demonstrates the key advantage of confidential computing: keeping tenant memory contents private in complex public cloud environments where trust in the underlying infrastructure cannot be fully assured.
12+
613

714
![alt text](./img/demo-overview.png)
815

9-
The demo vedio:
16+
The demo video:
1017

1118
https://private-user-images.githubusercontent.com/48268768/461796528-11d5fcbc-5a17-4119-a7bc-dc2ca57956fa.mp4?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.eeZqTycy9MP_sVBk2SFaYrdlv1zi8naX5KYx3DVL94M
1219
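Review bot: The added paragraph at new line 9 has two wording slips to fix before merge: "the host,the hypervisor" is missing a space after the comma, and "even the underlying cloud environment is not fully trusted" needs "even if". The rewrite also drops the removed sentence's statement that the demo dumps both a TDVM and a legacy VM; new line 7 now only says "a VM", so consider keeping one sentence that says both are dumped and compared, which ties the `virsh dump` example back to what the demo shows. On new line 7, "user can search the sensitive application data" reads better as "a user can search for sensitive application data". The added blank line 12 sits directly before the existing blank line 13, which leaves two blank lines ahead of the image and can be dropped.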
