Security Analysis of Virtual Machine and Container Isolation on AMD EPYC Platforms
Määttä, Arijana (2026)
2026
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-202604227409
https://urn.fi/URN:NBN:fi:amk-202604227409
Tiivistelmä
This thesis presents a security analysis of virtual machine and container isolation on AMD EPYC processors (Zen 2 through Zen 5) in a production cloud environment operated by Verda Cloud Oy. The objective was to assess exposure to known CPU-level vulnerabilities and demonstrate exploitability where conditions permit, across both KVM-based virtual machines and a Kubernetes based container platform.
The assessment combined static infrastructure analysis, microarchitectural timing measurements, and controlled exploitation using publicly available proof-of-concept tools. All experiments were conducted on company-owned machines across three Finnish datacentres with no impact on production workloads.
The results show that speculative execution techniques can bypass kernel address space randomisation on two of the tested processor generations. On a third generation, a hardware mitigation prevents the full attack chain, although the underlying microarchitectural behaviour remains observable. Across all systems, the observed microcode versions did not align with the minimum versions associated with publicly disclosed vulnerabilities. In the container environment, the runtime configuration exposed kernel subsystems to tenant workloads, although no isolation boundary violations were achieved.
The findings indicate that host-level microcode updates are the primary factor determining VM security posture, as the tested software mitigations alone did not prevent exploitation on the affected generations. In the container environment, the absence of seccomp filtering left kernel subsystems accessible to tenant workloads and enabling it would be a straightforward remediation requiring no hardware changes or downtime.
The assessment combined static infrastructure analysis, microarchitectural timing measurements, and controlled exploitation using publicly available proof-of-concept tools. All experiments were conducted on company-owned machines across three Finnish datacentres with no impact on production workloads.
The results show that speculative execution techniques can bypass kernel address space randomisation on two of the tested processor generations. On a third generation, a hardware mitigation prevents the full attack chain, although the underlying microarchitectural behaviour remains observable. Across all systems, the observed microcode versions did not align with the minimum versions associated with publicly disclosed vulnerabilities. In the container environment, the runtime configuration exposed kernel subsystems to tenant workloads, although no isolation boundary violations were achieved.
The findings indicate that host-level microcode updates are the primary factor determining VM security posture, as the tested software mitigations alone did not prevent exploitation on the affected generations. In the container environment, the absence of seccomp filtering left kernel subsystems accessible to tenant workloads and enabling it would be a straightforward remediation requiring no hardware changes or downtime.