A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory
Abstract. Physical access to a system allows attackers to read out RAM through cold boot and DMA attacks. Thus far, countermeasures protect only against attacks targeting disk encryption keys, while the remaining memory content is left vulnerable. We present a bytecode interpreter that protects the code and data of programs against memory attacks by executing them without using RAM for sensitive content. Any program content within memory is encrypted, for which the interpreter utilizes TRESOR [1], a cold boot resistant implementation of the AES cipher. The interpreter was developed as a Linux kernel module, taking advantage of the CPU instruction sets AVX for additional registers and AES-NI for fast encryption. We show that the interpreter is secure against memory attacks, and that its overall performance is only a factor of 4 slower than that of Python. Moreover, the performance penalty is mostly induced by the encryption.
Keywords: Cold boot · Secure computation · Encrypted bytecode

1 Introduction
Physical security has often been a weak point in the defense of computer systems, especially mobile ones. Against physical access, software protection methods are often no longer effective. Even though methods such as full disk encryption can protect parts of the system, namely the hard disk, the encryption keys still reside in RAM. As it stands, encryption is not applied to RAM, which makes memory attacks feasible today. A memory attack is a physical attack that lets an adversary obtain the memory contents of the targeted running system. One type of memory attack is known as the cold boot attack [2,3]. Cold boot attacks exploit the data remanence effect [4], which says that data in RAM fades away only gradually and can be accessed for a short period of time after powering off [5–7]. Another threat is DMA attacks. DMA attacks exploit the fact that direct memory access allows external devices to interface directly with RAM, without the operating system being involved [8,9].
© Springer International Publishing Switzerland 2015. G. Pernul et al. (Eds.): ESORICS 2015, Part II, LNCS 9327, pp. 376–395, 2015. DOI: 10.1007/978-3-319-24177-7_19
1.1 Motivation
As full disk encryption spreads and devices become more and more mobile, the importance of memory attacks increases. People who use encryption rely on their data being protected against physical access, which hard disk encryption alone cannot provide. Main memory can no longer be regarded as a trusted resource because of cold boot and DMA attacks. Consequently, multiple countermeasures have been developed to make disk encryption withstand memory attacks. One approach is to run the encryption algorithm only on the CPU without using memory [1,10,11]. Another solution is hard disks that encrypt their data with a built-in crypto-module, storing the keys securely in the disk itself. However, all these solutions have in common that they protect only the disk encryption key against main memory attacks. The me