DOI: 10.1145/2897845.2897924
short-paper

RamCrypt: Kernel-based Address Space Encryption for User-mode Processes

Published: 30 May 2016

Abstract

We present RamCrypt, a solution that allows unmodified Linux processes to transparently work on encrypted data. RamCrypt can be deployed and enabled on a per-process basis without recompiling user-mode applications. In every enabled process, data is only stored in cleartext for the moment it is processed, and otherwise stays encrypted in RAM. In particular, the required encryption keys do not reside in RAM, but are stored in CPU registers only. Hence, RamCrypt effectively thwarts memory disclosure attacks, which grant unauthorized access to process memory, as well as physical attacks such as cold boot and DMA attacks. In its default configuration, RamCrypt exposes only up to 4 memory pages in cleartext at the same time. For the nginx web server serving encrypted HTTPS pages under heavy load, the necessary TLS secret key is hidden for 97% of its time.

Published In

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
May 2016
958 pages
ISBN:9781450342339
DOI:10.1145/2897845
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. RAM encryption
  2. data lifetime
  3. data protection
  4. memory disclosure attacks
  5. physical attacks

Qualifiers

  • Short-paper

Conference

ASIA CCS '16

Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%

Cited By

  • (2024) Manipulating the Swap Memory for Forensic Investigation. Proceedings of the 19th International Conference on Availability, Reliability and Security, pp. 1-6. DOI: 10.1145/3664476.3670887. Online publication date: 30-Jul-2024.
  • (2024) uMMU: Securing Data Confidentiality with Unobservable Memory Subsystem. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pp. 2993-3007. DOI: 10.1145/3658644.3690340. Online publication date: 2-Dec-2024.
  • (2024) mShield: Protecting In-process Sensitive Data Against Vulnerable Third-Party Libraries. Security and Privacy in Communication Networks, pp. 496-513. DOI: 10.1007/978-3-031-64948-6_25. Online publication date: 13-Oct-2024.
  • (2024) SecPassInput: Towards Secure Memory and Password Handling in Web Applications. ICT Systems Security and Privacy Protection, pp. 236-249. DOI: 10.1007/978-3-031-56326-3_17. Online publication date: 24-Apr-2024.
  • (2021) Mimosa: Protecting Private Keys Against Memory Disclosure Attacks Using Hardware Transactional Memory. IEEE Transactions on Dependable and Secure Computing 18:3, pp. 1196-1213. DOI: 10.1109/TDSC.2019.2897666. Online publication date: 1-May-2021.
  • (2020) FridgeLock. Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, pp. 215-219. DOI: 10.1145/3374664.3375747. Online publication date: 16-Mar-2020.
  • (2020) Secure Boot from Non-Volatile Memory for Programmable SoC Architectures. 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 102-110. DOI: 10.1109/HOST45689.2020.9300126. Online publication date: 7-Dec-2020.
  • (2020) MemShield: GPU-Assisted Software Memory Encryption. Applied Cryptography and Network Security, pp. 323-343. DOI: 10.1007/978-3-030-57878-7_16. Online publication date: 29-Aug-2020.
  • (2019) Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM. IEEE Transactions on Dependable and Secure Computing 16:3, pp. 438-453. DOI: 10.1109/TDSC.2018.2861756. Online publication date: 1-May-2019.
  • (2019) Protecting Secrets of Persistent Systems with Volatility. 2019 15th European Dependable Computing Conference (EDCC), pp. 89-96. DOI: 10.1109/EDCC.2019.00027. Online publication date: Sep-2019.