skip to main content
10.1145/3065913.3065914acmconferencesArticle/Chapter ViewAbstractPublication PageseurosysConference Proceedingsconference-collections
research-article

Protecting Suspended Devices from Memory Attacks

Published: 23 April 2017 Publication History

Abstract

Today's computing devices keep considerable amounts of sensitive data unencrypted in RAM. When stolen, lost or simply unattended, attackers are capable of accessing the data in RAM with ease. Valuable and possibly classified data falling into the wrongs hands can lead to severe consequences, for instance when disclosed or reused to log in to accounts or to make transactions. We present a lightweight and hardware-independent mechanism to protect confidential data on suspended Linux devices against physical attackers. Our mechanism rapidly encrypts the contents of RAM during suspension and thereby prevents attackers from retrieving confidential data from the device. Existing systems can easily be extended with our mechanism while fully preserving the usability for end users.

References

[1]
A. Boileau. Hit by a bus: Physical access attacks with Firewire. Presentation, Ruxcon, 2006.
[2]
A. Würstlein, M. Gernoth, J. Götzfried and T. Müller. Exzess: Hardware-Based RAM Encryption Against Physical Memory Disclosure. In Architecture of Computing Systems--ARCS, pages 60--71. Springer, 2016.
[3]
C. Devine and G. Vissian. Compromission physique par le bus PCI. In Procs. of SSTIC '09. Thales Security Systems, 2009.
[4]
D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell and M. Horowitz. Architectural Support for Copy and Tamper Resistant Software. In Proceedings of the Ninth International Conf. on Architectural Support for Programming Languages and Operating Systems, pages 168--177. ACM, 2000.
[5]
E. G. Suh, C. W. O'Donnell and S. Devadas. AEGIS: A single-chip secure processor. Design & Test of Computers. IEEE, 24(6):570--580, 2007.
[6]
F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue and U. R. Savagaonkar. Innovative instructions and software model for isolated execution. In Proceedings of the 2nd Int. Workshop on Hardware and Architectural Support for Security and Privacy. ACM, 2013.
[7]
G. Duc and R. Keryell. CryptoPage: an efficient secure architecture with memory encryption, integrity and information leakage protection. In Computer Security Applications Conference. ACSAC'06. 22nd Annual, pages 483--492. IEEE, 2006.
[8]
J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino et al. Lest We Remember: Cold-boot Attacks on Encryption Keys. Communications of the ACM. ACM, pages 91--98, 2009.
[9]
J. Chow, B. Pfaff, T. Garfinkel and M. Rosenblum. Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation. In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14, pages 22--22. USENIX Association, 2005.
[10]
J. Götzfried, T. Müller, G. Drescher, S. Nürnberger and M. Backes. RamCrypt: Kernel-based Address Space Encryption for User-mode Processes. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pages 919--924. ACM, 2016.
[11]
J. Götzfried and T. Müller. ARMORED: CPU-Bound Encryption for Android-Driven ARM Devices. In Availability, Reliability and Security (ARES), 8th International Conf. on, pages 161--168. IEEE, 2013.
[12]
L. Guan, J. Lin, B. Luo and J. Jing. Copker: Computing with Private Keys without RAM. 2014.
[13]
L. Guan, J. Lin, B. Luo, J. Jing and J. Wang. Protecting private keys against memory disclosure attacks using hardware transactional memory. In 2015 IEEE Symposium on Security and Privacy, pages 3--19. IEEE, 2015.
[14]
L. Zhao and M. Mannan. Hypnoguard: Protecting secrets across sleep-wake cycles. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 945--957. ACM, 2016.
[15]
M. Becher, M. Dornseif and C. N. Klein. FireWire: All Your Memory Are Belong To Us. Proceedings of CanSecWest, 2005.
[16]
M. D. Corner and B. D. Noble. Protecting applications with transient authentication. In Proceedings of the 1st international conference on Mobile systems, applications and services, pages 57--70. ACM, 2003.
[17]
P. Colp, J. Zhang, J. Gleeson, S. Suneja, E. de Lara, H. Raj, S. Saroiu and A. Wolman. Protecting data on smartphones and tablets from memory attacks. In Proceedings of the 20th International Conference on Architectural Support for Programming Languages and Operating Systems, pages 177--189. ACM, 2015.
[18]
P. Gutmann. Data Remanence in Semiconductor Devices. In Proceedings of the 10th conference on USENIX Security Symposium-Volume 10, page 4. USENIX Association, 2001.
[19]
P.A.H. Peterson. Cryptkeeper: Improving security with encrypted RAM. In Technologies for Homeland Security (HST), IEEE International Conference on, pages 120--126. IEEE, 2010.
[20]
R. Weinmann. Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks. In Proceedings of the 6th USENIX Conference on Offensive Technologies. USENIX, 2012.
[21]
P. Stewin and I. Bystrov. Understanding DMA malware. In Detection of Intrusions and Malware, and Vulnerability Assessment, pages 21--41. Springer, 2012.
[22]
T. Alves and D. Felton. TrustZone: Integrated Hardware and Software Security -- Enabling Trusted Computing in Embedded Systems. 2004.
[23]
T. Müller, A. Dewald and F. C. Freiling. AESSE: A Cold-boot Resistant Implementation of AES. In Proceedings of the 3rd European Workshop on System Security, EUROSEC '10, pages 42--47. ACM, 2010.
[24]
T. Müller and M. Spreitzenbarth. FROST: Forensic Recovery of Scrambled Telephones. In Proceedings of the 11th Int. Conference on Applied Cryptography and Network Security, pages 373--388. Springer, 2013.
[25]
T. Müller, F. C. Freiling and A. Dewald. TRESOR Runs Encryption Securely Outside RAM. In Proceedings of the 20th USENIX Conference on Security, SEC'11. USENIX, 2011.
[26]
T. Müller, B. Taubmann and F. C. Freiling. Trevisor. In Applied Cryptography and Network Security, Lecture Notes in Computer Science, pages 66--83. Springer, 2012.
[27]
T. Pettersson. Cryptographic Key Recovery from Linux Memory Dumps. Presentation, Chaos Communication Camp, August 2007.
[28]
X. Chen, R. P. Dick and A. Choudhary. Operating system controlled processor-memory bus encryption. In Design, Automation and Test in Europe, 2008. DATE'08, pages 1154--1159. IEEE, 2008.
[29]
Y. Tang, P. Ames, S. Bhamidipati et al. CleanOS: Limiting Mobile Data Exposure with Idle Eviction. In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation, OSDI'12, pages 77--91. USENIX, 2012.

Cited By

View all
  • (2023)Dissecting BFT Consensus: In Trusted Components we Trust!Proceedings of the Eighteenth European Conference on Computer Systems10.1145/3552326.3587455(521-539)Online publication date: 8-May-2023
  • (2020)MemShield: GPU-Assisted Software Memory EncryptionApplied Cryptography and Network Security10.1007/978-3-030-57878-7_16(323-343)Online publication date: 29-Aug-2020
  • (2017)TransCrypt: Transparent Main Memory Encryption Using a Minimal ARM Hypervisor2017 IEEE Trustcom/BigDataSE/ICESS10.1109/Trustcom/BigDataSE/ICESS.2017.232(152-161)Online publication date: Aug-2017

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
EuroSec'17: Proceedings of the 10th European Workshop on Systems Security
April 2017
65 pages
ISBN:9781450349352
DOI:10.1145/3065913
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 April 2017

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Data Confidentiality
  2. Data Security
  3. Operating Systems Security
  4. RAM Encryption
  5. Systems Security

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

EuroSys '17
Sponsor:
EuroSys '17: Twelfth EuroSys Conference 2017
April 23 - 26, 2017
Belgrade, Serbia

Acceptance Rates

EuroSec'17 Paper Acceptance Rate 10 of 24 submissions, 42%;
Overall Acceptance Rate 47 of 113 submissions, 42%

Upcoming Conference

EuroSys '25
Twentieth European Conference on Computer Systems
March 30 - April 3, 2025
Rotterdam , Netherlands

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)7
  • Downloads (Last 6 weeks)1
Reflects downloads up to 13 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Dissecting BFT Consensus: In Trusted Components we Trust!Proceedings of the Eighteenth European Conference on Computer Systems10.1145/3552326.3587455(521-539)Online publication date: 8-May-2023
  • (2020)MemShield: GPU-Assisted Software Memory EncryptionApplied Cryptography and Network Security10.1007/978-3-030-57878-7_16(323-343)Online publication date: 29-Aug-2020
  • (2017)TransCrypt: Transparent Main Memory Encryption Using a Minimal ARM Hypervisor2017 IEEE Trustcom/BigDataSE/ICESS10.1109/Trustcom/BigDataSE/ICESS.2017.232(152-161)Online publication date: Aug-2017

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media