Formal Verification of Secure Encrypted Virtualization

📅 2026-05-31
📈 Citations: 0
Influential: 0
🤖 AI Summary
AMD SEV lacks formal verification of its core security properties, including confidentiality, integrity, and availability. This work presents the first systematic formal framework for rigorously verifying these critical security attributes by introducing design-level and property-level abstractions of the SEV architecture, combined with formal modeling and model checking techniques. By establishing a mathematically grounded analysis of SEV’s security guarantees, the study addresses a significant gap in the trusted execution environment literature, where prior evaluations have largely relied on informal or empirical methods. The proposed approach substantially enhances the reliability and trustworthiness of SEV as a confidential computing platform in cloud environments, providing a foundation for future formal analyses of hardware-based security mechanisms.
📝 Abstract
Trusted execution environments (TEEs) provide a secure environment for data and code in use, ensuring that they are protected with respect to confidentiality and integrity. Virtual machine (VM)-based TEEs utilize virtualization technology to create isolated execution spaces that can support a complete operating system or specific applications. AMD secure encrypted virtualization (SEV) is a key technology used in confidential computing in the cloud, enabling hardware-based memory encryption to protect sensitive data within VMs. However, AMD SEV often operates without formal assurances of its security guarantees. Our research introduces a formal framework for representing and verifying AMD SEV confidential VMs. Specifically, we conduct design-level and property-level abstraction on the AMD SEV specification and conduct property checking on the model to ensure confidentiality, integrity and availability. This approach provides a rigorous foundation for defining and verifying key security attributes for safeguarding execution environments.
Problem

Research questions and friction points this paper is trying to address.

Formal Verification
Secure Encrypted Virtualization
Trusted Execution Environments
Confidential Computing
Security Guarantees
Innovation

Methods, ideas, or system contributions that make the work stand out.

formal verification
secure encrypted virtualization
trusted execution environment
confidential computing
property checking