论文信息 - Protect sensitive data with lightweight memory encryption

Protect sensitive data with lightweight memory encryption

Since current commercial processor is not able to deal with the data in the cipher text, the sensitive data have to be exposed in the memory. It leaves a window for the adversary. To protect the sensitive data, a direct idea is to encrypt the data when the processor does not access them. On the observation, we have developed a lightweight memory encryption, called LeMe, to protect the sensitive data in the application. LeMe marks the sensitive data in the memory with the page table entry, and encrypts the data in their free time. LeMe is built on the Linux with a 3.17.6 kernel, and provides four user interfaces as dynamic link library. Our evaluations show LeMe is effective to protect the sensitive data and incurs an acceptable performance overhead.

Jinhui Yuan | Rui Xiao | Kai Zhang | Hongwei Zhou | Jingyao Sun

[1] Shouhuai Xu,et al. Protecting Cryptographic Keys from Memory Disclosure Attacks , 2007, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07).

[2] Johannes Götzfried,et al. RamCrypt: Kernel-based Address Space Encryption for User-mode Processes , 2016, AsiaCCS.

[3] Kang G. Shin,et al. Using hypervisor to provide data secrecy for user applications on a per-page basis , 2008, VEE '08.

[4] G. Edward Suh,et al. Aegis: A Single-Chip Secure Processor , 2007, IEEE Des. Test Comput..

[5] Jing Wang,et al. Protecting Private Keys against Memory Disclosure Attacks Using Hardware Transactional Memory , 2015, 2015 IEEE Symposium on Security and Privacy.

[6] Byung-Gon Chun,et al. Making Programs Forget: Enforcing Lifetime for Sensitive Data , 2011, HotOS.