Beyond Full Disk Encryption: Protection on Security-Enhanced Commodity Processors

This material is based on research sponsored by the Defense Advanced Research Projects Agency (DARPA) under agreement number FA8750-09-1-0213.
