{"id":"https://openalex.org/W4416549342","doi":"https://doi.org/10.1145/3719027.3765233","title":"RMP <scp>ocalypse</scp> : How a Catch-22 Breaks AMD SEV-SNP","display_name":"RMP <scp>ocalypse</scp> : How a Catch-22 Breaks AMD SEV-SNP","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549342","doi":"https://doi.org/10.1145/3719027.3765233"},"language":"en","primary_location":{"id":"doi:10.1145/3719027.3765233","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765233","pdf_url":null,"source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3719027.3765233","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5092031245","display_name":"Benedict Schl\u00fcter","orcid":"https://orcid.org/0009-0007-5151-7789"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Benedict Schl\u00fcter","raw_affiliation_strings":["ETH Zurich, Zurich, Switzerland"],"raw_orcid":"https://orcid.org/0009-0007-5151-7789","affiliations":[{"raw_affiliation_string":"ETH Zurich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072251298","display_name":"Shweta Shinde","orcid":"https://orcid.org/0000-0003-0415-2960"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Shweta Shinde","raw_affiliation_strings":["ETH Zurich, Zurich, Switzerland"],"raw_orcid":"https://orcid.org/0000-0003-0415-2960","affiliations":[{"raw_affiliation_string":"ETH Zurich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.5175,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.93758583,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"3840","last_page":"3854"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.001500000013038516,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.0010000000474974513,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.8759999871253967},{"id":"https://openalex.org/keywords/x86","display_name":"x86","score":0.7833999991416931},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.619700014591217},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5527999997138977},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.5324000120162964},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.46970000863075256},{"id":"https://openalex.org/keywords/mandatory-access-control","display_name":"Mandatory access control","score":0.414000004529953},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.41350001096725464}],"concepts":[{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.8759999871253967},{"id":"https://openalex.org/C170723468","wikidata":"https://www.wikidata.org/wiki/Q182933","display_name":"x86","level":3,"score":0.7833999991416931},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7562000155448914},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.619700014591217},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5527999997138977},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.5324000120162964},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.46970000863075256},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.427700012922287},{"id":"https://openalex.org/C2777407602","wikidata":"https://www.wikidata.org/wiki/Q1888932","display_name":"Mandatory access control","level":4,"score":0.414000004529953},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.41350001096725464},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.40220001339912415},{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.3953000009059906},{"id":"https://openalex.org/C41036726","wikidata":"https://www.wikidata.org/wiki/Q844824","display_name":"Physical address","level":3,"score":0.3799999952316284},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3521000146865845},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3411000072956085},{"id":"https://openalex.org/C45235069","wikidata":"https://www.wikidata.org/wiki/Q278425","display_name":"Table (database)","level":2,"score":0.326200008392334},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.3172999918460846},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.3005000054836273},{"id":"https://openalex.org/C148609458","wikidata":"https://www.wikidata.org/wiki/Q7021281","display_name":"Nexus (standard)","level":2,"score":0.2773999869823456},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.2605000138282776},{"id":"https://openalex.org/C18131444","wikidata":"https://www.wikidata.org/wiki/Q163585","display_name":"Memory protection","level":5,"score":0.25589999556541443}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3719027.3765233","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765233","pdf_url":null,"source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:www.research-collection.ethz.ch:20.500.11850/787476","is_oa":false,"landing_page_url":"http://hdl.handle.net/20.500.11850/787476","pdf_url":null,"source":{"id":"https://openalex.org/S4306402302","display_name":"Repository for Publications and Research Data (ETH Zurich)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I35440088","host_organization_name":"ETH Zurich","host_organization_lineage":["https://openalex.org/I35440088"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"CCS '25: Proceedings of the 2025 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"doi:10.1145/3719027.3765233","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765233","pdf_url":null,"source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W2559981079","https://openalex.org/W2795160257","https://openalex.org/W2898566692","https://openalex.org/W3020133545","https://openalex.org/W3161212018","https://openalex.org/W3180349812","https://openalex.org/W3199024925","https://openalex.org/W3211385142","https://openalex.org/W3212271742","https://openalex.org/W4200623403","https://openalex.org/W4288057728","https://openalex.org/W4380031550","https://openalex.org/W4389395102","https://openalex.org/W4402288723","https://openalex.org/W4405182188","https://openalex.org/W4408893486","https://openalex.org/W4411337344","https://openalex.org/W4411338002","https://openalex.org/W4416549242"],"related_works":[],"abstract_inverted_index":{"AMD":[0,43],"SEV-SNP":[1,66,82],"offers":[2],"confidential":[3,8],"computing":[4],"in":[5,124],"form":[6],"of":[7,51,127,137,156,168,181],"VMs,":[9,83],"such":[10],"that":[11,34,74,119,145],"the":[12,23,29,36,49,52,59,78,86,98,110,125,131,138,146,151,166],"untrusted":[13],"hypervisor":[14,37],"cannot":[15],"tamper":[16],"with":[17],"its":[18],"confidentiality":[19,177],"and":[20,160,178,197],"integrity.":[21],"SEV-SNP,":[22],"latest":[24],"addition,":[25],"ensures":[26],"integrity":[27,179],"via":[28],"Reverse":[30],"Map":[31],"Table":[32],"(RMP)":[33],"stops":[35],"from":[38,109],"tampering":[39],"guest":[40],"page":[41],"mappings.":[42],"uses":[44],"RMP":[45,60,87,99,128,140],"entries":[46],"to":[47,77,84,96,150,175],"protect":[48],"rest":[50],"RMP,":[53],"thus":[54],"causing":[55],"a":[56,116,121],"Catch-22":[57],"during":[58],"setup":[61],"phase.":[62],"To":[63,164],"address":[64],"this,":[65],"relies":[67],"on":[68,189],"AMD's":[69],"Platform":[70],"Security":[71],"Processor":[72],"(PSP),":[73],"resides":[75],"next":[76],"x86":[79,111,132],"cores":[80,133],"executing":[81],"perform":[85],"initialization.":[88],"During":[89],"initialization,":[90,129],"only":[91],"PSP":[92],"should":[93],"be":[94,106],"able":[95],"alter":[97],"memory.":[100],"All":[101],"other":[102],"memory":[103],"accesses":[104],"must":[105],"fenced,":[107],"especially":[108],"cores.":[112],"We":[113,183],"present":[114],"RMPocalypse,":[115],"novel":[117],"attack":[118],"shows":[120,144],"critical":[122],"gap":[123,174],"security":[126],"wherein":[130],"maliciously":[134],"control":[135],"parts":[136],"initial":[139],"state.":[141],"Our":[142],"analysis":[143],"vulnerability":[147],"arises":[148],"due":[149],"complex,":[152],"but":[153],"insufficient,":[154],"interplay":[155],"multiple":[157],"hardware":[158],"components":[159],"distributed":[161],"access":[162],"controls.":[163],"show":[165],"impact":[167],"our":[169],"finding,":[170],"we":[171],"exploit":[172],"this":[173],"break":[176],"guarantees":[180],"SEV-SNP.":[182],"demonstrate":[184],"RMPocalypse":[185],"by":[186],"enabling":[187],"debug":[188],"production-mode":[190],"CVMs,":[191],"faking":[192],"attestation,":[193],"VMSA":[194],"state":[195],"replay,":[196],"code":[198],"injection.":[199]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-11-23T00:00:00"}