Confidential virtual machines (CVMs) based on trusted execution environments (TEEs) enable new privacy-preserving solutions. Yet, they leave side-channel leakage outside their threat model, shifting the responsibility of mitigating such attacks to developers. However, mitigations are either not generic or too slow for practical use, and developers currently lack a systematic, efficient way to measure and compare leakage across real-world deployments. In this paper, we present SNPeek, an open-source toolkit that offers configurable side-channel tracing primitives on production AMD SEV-SNP hardware and couples them with statistical and machine-learning-based analysis pipelines for automated leakage estimation. We apply SNPeek to three representative workloads that are deployed on CVMs to enhance user privacy-private information retrieval, private heavy hitters, and Wasm user-defined functions-and uncover previously unnoticed leaks, including a covert channel that exfiltrates data at 497 kbit/s. The results show that SNPeek pinpoints vulnerabilities and guides low-overhead mitigations based on oblivious memory and differential privacy, giving practitioners a practical path to deploy CVMs with meaningful confidentiality guarantees.

翻译：基于可信执行环境（TEE）的机密虚拟机（CVM）为隐私保护解决方案提供了新的可能。然而，其威胁模型未涵盖侧信道泄露，使得开发者需自行承担缓解此类攻击的责任。目前，现有的缓解措施要么缺乏通用性，要么在实际应用中速度过慢，且开发者尚缺乏系统、高效的方法来测量和比较真实部署场景中的泄露情况。本文提出SNPeek，一个开源工具包，可在生产级AMD SEV-SNP硬件上提供可配置的侧信道追踪原语，并结合基于统计与机器学习的分析流程，实现自动化泄露评估。我们将SNPeek应用于三种部署于CVM以增强用户隐私的代表性工作负载——私有信息检索、私有高频项统计以及WebAssembly用户自定义函数——并发现了此前未注意到的泄露，包括一种以497 kbit/s速率窃取数据的隐蔽信道。实验结果表明，SNPeek能精准定位漏洞，并基于不经意内存与差分隐私技术指导低开销的缓解措施，为实践者提供了部署具备实质性保密保障的CVM的可行路径。