Demystifying AMD SEV Performance Penalty for NFV Deployment

Atiiq, Syafiq Al; Risdianto, Aris Cahyadi

Demystifying AMD SEV Performance Penalty for NFV Deployment

Mark

Atiiq, Syafiq Al ^LU and Risdianto, Aris Cahyadi (2025) 13th International Conference on Networks, Communication
and Computing, ICNCC '24 p.1-8

Abstract: Network Function Virtualization (NFV) has shifted communication networks towards more adaptable software solutions, but this transition raises new security concerns, particularly in public cloud deployments. While Intel’s Software Guard Extensions (SGX) offers a potential remedy, it requires complex application adaptations. This paper investigates AMD’s Secure Encrypted Virtualization (SEV) as an alternative approach for securing NFV. SEV encrypts virtual machine (VM) memory, protecting it from threats, including those at the hypervisor level, without requiring application modifications. We explore the practicality and performance implications of executing native Network Function (NF) implementations in AMD SEV-SNP, the latest iteration of... (More); Network Function Virtualization (NFV) has shifted communication networks towards more adaptable software solutions, but this transition raises new security concerns, particularly in public cloud deployments. While Intel’s Software Guard Extensions (SGX) offers a potential remedy, it requires complex application adaptations. This paper investigates AMD’s Secure Encrypted Virtualization (SEV) as an alternative approach for securing NFV. SEV encrypts virtual machine (VM) memory, protecting it from threats, including those at the hypervisor level, without requiring application modifications. We explore the practicality and performance implications of executing native Network Function (NF) implementations in AMD SEV-SNP, the latest iteration of SEV at the time of writing this paper. Our study focuses on running an unmodified Snort NF within SEV. Results show an average performance penalty of approximately 20% across various traffic and packet configurations, showing a trade-off between security and performance that may or may not be acceptable for different NFV deployments. (Less)

Please use this url to cite or link to this publication: https://lup.lub.lu.se/record/8aeed8d2-fd8d-47e3-b1d1-62a65f790d00

author

Atiiq, Syafiq Al ^LU and Risdianto, Aris Cahyadi

organization

publishing date

2025-03-10

type

Chapter in Book/Report/Conference proceeding

publication status

published

subject

Computer Systems

host publication

Proceedings of the 2024 13th International Conference on Networks, Communication and Computing, ICNCC'24

pages

1 - 8

publisher

Association for Computing Machinery (ACM)

conference name

13th International Conference on Networks, Communication<br/>and Computing, ICNCC '24

conference location

Bangkok, Thailand

conference dates

2024-12-20 - 2024-12-22

external identifiers

scopus:105002332072

ISBN

979-8-4007-1735-2

DOI

10.1145/3711650.3711651

language

English

LU publication?

yes

id

8aeed8d2-fd8d-47e3-b1d1-62a65f790d00

date added to LUP

2025-03-12 09:17:47

date last changed

2025-06-13 04:02:58

@inproceedings{8aeed8d2-fd8d-47e3-b1d1-62a65f790d00,
  abstract     = {{Network Function Virtualization (NFV) has shifted communication networks towards more adaptable software solutions, but this transition raises new security concerns, particularly in public cloud deployments. While Intel’s Software Guard Extensions (SGX) offers a potential remedy, it requires complex application adaptations. This paper investigates AMD’s Secure Encrypted Virtualization (SEV) as an alternative approach for securing NFV. SEV encrypts virtual machine (VM) memory, protecting it from threats, including those at the hypervisor level, without requiring application modifications. We explore the practicality and performance implications of executing native Network Function (NF) implementations in AMD SEV-SNP, the latest iteration of SEV at the time of writing this paper. Our study focuses on running an unmodified Snort NF within SEV. Results show an average performance penalty of approximately 20% across various traffic and packet configurations, showing a trade-off between security and performance that may or may not be acceptable for different NFV deployments.}},
  author       = {{Atiiq, Syafiq Al and Risdianto, Aris Cahyadi}},
  booktitle    = {{Proceedings of the 2024 13th International Conference on Networks, Communication and Computing, ICNCC'24}},
  isbn         = {{979-8-4007-1735-2}},
  language     = {{eng}},
  month        = {{03}},
  pages        = {{1--8}},
  publisher    = {{Association for Computing Machinery (ACM)}},
  title        = {{Demystifying AMD SEV Performance Penalty for NFV Deployment}},
  url          = {{http://dx.doi.org/10.1145/3711650.3711651}},
  doi          = {{10.1145/3711650.3711651}},
  year         = {{2025}},
}

Lund University Publications

LUND UNIVERSITY LIBRARIES

Demystifying AMD SEV Performance Penalty for NFV Deployment