Memory encryption

Memory encryption has yet to be used at the core of operating system designs to provide confidentiality of code and data. As a result, code and data held in plaintext in memory are exposed to attack at every level of the software stack. Three general approaches have evolved to address this problem. The most popular is based on complex hardware enhancements that confine all encryption and decryption to a well-defined trusted boundary. Unfortunately, these designs have not been integrated into commodity processors and have primarily been explored through simulation, with very few prototypes. An alternative approach augments existing hardware with operating system enhancements for managing keys, improving trust. This approach has provided insights into the use of encryption but has incurred unacceptable overheads and has not been adopted in commercial operating systems. Finally, specialized industrial devices have evolved, sometimes adding coprocessors, to increase the security of particular operations in specific operating environments. However, this approach lacks generality and has introduced unexpected vulnerabilities of its own. Recently, memory encryption primitives have been integrated into commodity processors such as the Intel i7, AMD Bulldozer, and multiple ARM variants. This opens the door to new operating system designs that provide confidentiality across the entire software stack outside the CPU. To date, little practical experimentation has been conducted, and the improvements in security and the associated performance degradation have yet to be quantified. This article surveys the current memory encryption literature from the viewpoint of these central issues.
