Battering RAM – Low-Cost Interposer Attacks on Confidential Computing

Summary

Modern computers use memory modules (DRAM) to store everything in use: from photos and passwords to credit card numbers. Public cloud providers increasingly deploy hardware-level memory encryption to protect this sensitive data. However, we previously showed that malicious memory modules, nicknamed “Bad RAM”, can bypass these protections by deliberately supplying false metadata during processor boot. In response, modern cloud systems now validate memory more strictly at startup. Breaking Memory Encryption with Two-Faced DRAM With Battering RAM, we show that even the latest defenses on Intel and AMD cloud processors can be bypassed. We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks. Later, with just a flip of a switch, our interposer turns malicious and silently redirects protected addresses to attacker-controlled locations, allowing corruption or replay of encrypted memory. Battering RAM fully breaks cutting-edge Intel SGX and AMD SEV-SNP confidential computing processor security technologies designed to protect sensitive workloads from compromised hosts, malicious cloud providers, or rogue employees. Our stealthy interposer bypasses both memory encryption and state-of-the-art boot-time defenses, invisible to the operating system. It enables arbitrary plaintext access to SGX-protected memory, and breaks SEV’s attestation feature on fully patched systems. Ultimately, Battering RAM exposes the limits of today’s scalable memory encryption. Intel and AMD have acknowledged our findings, but defending against Battering RAM would require a fundamental redesign of memory encryption itself. Building Battering RAM on a $50 Budget Unlike commercial passive interposers, which are exceedingly expensive and commonly cost over $100,000, we developed a custom-built interposer that uses simple analog switches to actively manipulate signals between the processor and memory, and can be built for l...