English | 中文

手机二维码
 
【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 728次   下载 647 本文二维码信息
码上扫一扫!
基于AMD硬件内存加密机制的关键数据保护方案
吴宇明,刘宇涛,陈海波
分享到: 微信 更多
(上海交通大学并行与分布式系统研究所, 上海 中国 200240)
摘要:
长期以来,保护应用程序关键数据(如加密密钥、用户隐私信息等)的安全一直是个重要问题,操作系统本身巨大的可信计算基使其不可避免的具有许多漏洞,而这些漏洞则会被攻击者利用进而威胁到应用程序的关键数据安全。虚拟化技术的出现为解决此类问题提供了一定程度的帮助,虚拟化场景下虚拟机监控器实际管理物理内存,可以通过拦截虚拟机的关键操作为应用程序提供保护,而硬件内存加密机制则能够解决应用程序在运行时内存中明文数据被泄露的问题。本文基于虚拟化技术和AMD的硬件内存加密机制,提出了一套高效的关键数据保护方案,并通过应用解耦和技术将关键数据与代码与其余的正常数据与代码分离并置于隔离的安全环境中运行从而达到保护关键数据的目的。测试显示,软件带来的系统性能开销小于1%,关键部分的性能开销小于6%,常见应用的延迟在接受范围内。系统能够成功保护应用程序如私钥等关键数据免受恶意操作系统的读取与Bus Snooping、Cold Boot等物理攻击。
关键词:  硬件内存加密  数据保护  内存泄露  虚拟化
DOI:10.19363/j.cnki.cn10-1380/tn.2018.01.003
投稿时间:2017-09-15修订日期:2017-11-17
基金项目:本课题得到国家重点研发计划No.2016YFB1000104支持。
Elimination of Memory Disclosure Attacks based on AMD Memory Encryption
WU Yuming,LIU Yutao,CHEN Haibo
Institution of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai 200240, China
Abstract:
For a long time, the security of critical data like encryption keys and private information has been an important concern. The huge trust computing base (TCB) of the operating system makes it vulnerable to various of attacks which are leveraged by malicious attackers to stealing the critical data from the applications. The virtualization technology can resolve some of these problems. Since the virtual machine monitor (VMM) Runs at the highest privilege level, it is responsible for managing the physical hardware resources and can easily intervene the selected critical operations of running OS and applications, to enforce pre-defined security policies. Recently, hardware memory encryption technology can also mediate some of these problems from the hardware level by encrypting memory data via dedicated hardware during runtime. Combined with virtualization technology and the newly proposed AMD memory encryption hardware. This paper presents a novel solution to protect the critical application data from the compromised OS in an efficient and fine-grained manner. Through application decomposition mechanism, it can separate the critical compartments from the other parts of the application and put them into the isolated environment. Evaluations show that the system performance overhead is less than 1% and the performance slowdown of the secure runtime environment is less than 6%. The latency of common applications is in an acceptable range. Security analysis shows that the system can successfully protect critical application data against a compromised operating system stealing as well as physical attacks including bus snooping and cold-boot attacks.
Key words:  Memory encryption  privacy protection  memory disclosure  virtualization