论文信息 - TreVisor - OS-Independent Software-Based Full Disk Encryption Secure against Main Memory Attacks

TreVisor - OS-Independent Software-Based Full Disk Encryption Secure against Main Memory Attacks

Software-based disk encryption techniques store necessary keys in main memory and are therefore vulnerable to DMA and cold boot attacks which can acquire keys from RAM. Recent research results have shown operating system dependent ways to overcome these attacks. For example, the TRESOR project patches Linux to store AES keys solely on the microprocessor. We present TreVisor, the first software-based and OS-independent solution for full disk encryption that is resistant to main memory attacks. It builds upon BitVisor, a thin virtual machine monitor which implements various security features. Roughly speaking, TreVisor adds the encryption facilities of TRESOR to BitVisor, i. e., we move TRESOR one layer below the operating system into the hypervisor such that secure disk encryption runs transparently for the guest OS. We have tested its compatibility with both Linux and Windows and show positive security and performance results.

Felix C. Freiling | Tilo Müller | Benjamin Taubmann

[1] Ariel J. Feldman,et al. Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[2] Adi Shamir,et al. Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[3] Andreas Dewald,et al. TRESOR Runs Encryption Securely Outside RAM , 2011, USENIX Security Symposium.

[4] Shay Gueron,et al. Intel's New AES Instructions for Enhanced Performance and Security , 2009, FSE.

[5] R. Carbone,et al. An In-Depth Analysis of the Cold Boot Attack: Can It Be Used for Sound Forensic Memory Acquisition? , 2011 .

[6] U. Janssens,et al. The early bird catches the worm. , 2005, Critical care medicine.

[7] Gil Neiger,et al. Intel ® Virtualization Technology for Directed I/O , 2006 .

[8] Shouhuai Xu,et al. A Method for Safekeeping Cryptographic Keys from Memory Disclosure Attacks , 2009, INTRUST.

[9] Andreas Dewald,et al. AESSE: a cold-boot resistant implementation of AES , 2010, EUROSEC '10.

[10] Eugene H. Spafford,et al. Getting Physical with the Digital Investigation Process , 2003, Int. J. Digit. EVid..

[11] Patrick Simmons,et al. Security through amnesia: a software-based solution to the cold boot attack on disk encryption , 2011, ACSAC '11.