SYSTEM Cited by 1 source
SNPeek (side-channel research)¶
What it is¶
SNPeek is Google Research's published side-channel analysis of AMD SEV-SNP — full title SNPeek: Side-Channel Analysis for Privacy Applications on Confidential VMs. The work demonstrates that real-world privacy applications running inside SEV-SNP CVMs can leak information through microarchitectural side-channels, despite the TEE's nominal isolation guarantees.
Significance for production privacy architectures¶
The 2026-05-27 Google zero-trust-aggregation post cites SNPeek as evidence that TEE-only privacy architectures are structurally exposed to ongoing side-channel discovery:
"Researchers regularly discover side-channel vulnerabilities that can be leveraged by an attacker to either invalidate TEE guarantees, or application-level specific guarantees (SNPeek, TDXray)."
This is the explicit motivation for adding the cryptographic defense-in-depth layer in the 2026 Google federated-analytics architecture: cryptography-plus-TEE defense in depth is the architectural response to the kind of risk SNPeek demonstrates.
Caveats¶
- Stub wiki page. The research details (specific side-channel mechanisms, severity, mitigations) live in the published paper; this page exists primarily to record the citation context within the wiki's TEE-side-channel-vulnerability discussion.
- Sibling to TDXray which applies the same research approach to Intel TDX.
Seen in¶
- sources/2026-05-27-google-private-analytics-via-zero-trust-aggregation — cited alongside TDXray as evidence for ongoing TEE side-channel discovery.
Related¶
- systems/amd-sev-snp — the TEE substrate analysed
- systems/tdxray-side-channel-research — sibling research, Intel TDX
- concepts/tee-side-channel-vulnerability — the risk class SNPeek evidences
- concepts/trusted-execution-environment
- patterns/cryptography-plus-tee-defense-in-depth