Cite this article:
- WU Yuming, LIU Yutao, CHEN Haibo. A critical data protection scheme based on the AMD hardware memory encryption mechanism [J]. Journal of Cyber Security, 2018, 3(1): 31-47 (Chinese-language citation)
- WU Yuming, LIU Yutao, CHEN Haibo. Elimination of Memory Disclosure Attacks based on AMD Memory Encryption [J]. Journal of Cyber Security, 2018, 3(1): 31-47
Abstract (Chinese version, translated):
For a long time, protecting the security of an application's critical data (such as encryption keys and users' private information) has been an important problem. The operating system's huge trusted computing base inevitably contains many vulnerabilities, and attackers exploit them to threaten the application's critical data. Virtualization technology helps to some extent: in a virtualized setting the virtual machine monitor actually manages physical memory and can protect applications by intercepting the virtual machine's critical operations, while a hardware memory encryption mechanism can prevent plaintext data in memory from being disclosed while the application runs. Based on virtualization technology and AMD's hardware memory encryption mechanism, this paper proposes an efficient critical data protection scheme that uses application decoupling to separate critical data and code from the remaining ordinary data and code and run them in an isolated secure environment, thereby protecting the critical data. Tests show that the system performance overhead introduced by the software is less than 1%, the performance overhead of the critical part is less than 6%, and the latency of common applications is within an acceptable range. The system successfully protects an application's critical data, such as private keys, from being read by a malicious operating system and from physical attacks such as bus snooping and cold boot.
Keywords: hardware memory encryption; data protection; memory disclosure; virtualization
DOI: 10.19363/j.cnki.cn10-1380/tn.2018.01.003
Received: 2017-09-15; Revised: 2017-11-17
Funding: This work was supported by the National Key R&D Program of China, No. 2016YFB1000104.
Elimination of Memory Disclosure Attacks based on AMD Memory Encryption
WU Yuming, LIU Yutao, CHEN Haibo

(Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai 200240, China)
Abstract:
For a long time, the security of critical data such as encryption keys and private information has been an important concern. The huge trusted computing base (TCB) of the operating system makes it vulnerable to various attacks, which malicious attackers leverage to steal critical data from applications. Virtualization technology can resolve some of these problems: since the virtual machine monitor (VMM) runs at the highest privilege level, it manages the physical hardware resources and can easily intervene in selected critical operations of the running OS and applications to enforce pre-defined security policies. Recently, hardware memory encryption technology has also been able to mitigate some of these problems at the hardware level by encrypting memory data with dedicated hardware at runtime. Combining virtualization technology with the newly proposed AMD memory encryption hardware, this paper presents a novel solution that protects critical application data from a compromised OS in an efficient and fine-grained manner. Through an application decomposition mechanism, it separates the critical compartments from the other parts of the application and runs them in an isolated environment. Evaluations show that the system performance overhead is less than 1% and the performance slowdown of the secure runtime environment is less than 6%; the latency of common applications is in an acceptable range. Security analysis shows that the system successfully protects critical application data against theft by a compromised operating system as well as against physical attacks, including bus snooping and cold-boot attacks.
Key words: memory encryption; privacy protection; memory disclosure; virtualization