{"title":"Cryptkeeper: Improving security with encrypted RAM","authors":"P. Peterson","doi":"10.1109/THS.2010.5655081","DOIUrl":null,"url":null,"abstract":"Random Access Memory (RAM) was recently shown to be vulnerable to physical attacks exposing the totality of memory, including user data and encryption keys. We present Cryptkeeper, a novel software-encrypted virtual memory manager that mitigates data exposure when used with a secure key-hiding mechanism. Cryptkeeper significantly reduces the amount of cleartext data in memory by dividing RAM into a smaller, cleartext working set and a larger, encrypted area. This extends the standard memory model and provides encrypted swap as a side effect. Despite a 9x slowdown in pathological cases, target applications such as Firefox are only 9% slower with our Linux-based prototype. We also identify several optimizations which can significantly improve performance. Cryptkeeper enables the expression of new security policies for memory, and demonstrates that modern personal computers can perform heavy-duty work on behalf of operating systems with surprisingly low overhead.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"598 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"57","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/THS.2010.5655081","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 57
Abstract
Random Access Memory (RAM) was recently shown to be vulnerable to physical attacks exposing the totality of memory, including user data and encryption keys. We present Cryptkeeper, a novel software-encrypted virtual memory manager that mitigates data exposure when used with a secure key-hiding mechanism. Cryptkeeper significantly reduces the amount of cleartext data in memory by dividing RAM into a smaller, cleartext working set and a larger, encrypted area. This extends the standard memory model and provides encrypted swap as a side effect. Despite a 9x slowdown in pathological cases, target applications such as Firefox are only 9% slower with our Linux-based prototype. We also identify several optimizations which can significantly improve performance. Cryptkeeper enables the expression of new security policies for memory, and demonstrates that modern personal computers can perform heavy-duty work on behalf of operating systems with surprisingly low overhead.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
