Beyond Full Disk Encryption: Protection on Security-Enhanced Commodity Processors

  • Michael Henson
  • Stephen Taylor
Conference paper

DOI: 10.1007/978-3-642-38980-1_19

Volume 7954 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Henson M., Taylor S. (2013) Beyond Full Disk Encryption: Protection on Security-Enhanced Commodity Processors. In: Jacobson M., Locasto M., Mohassel P., Safavi-Naini R. (eds) Applied Cryptography and Network Security. ACNS 2013. Lecture Notes in Computer Science, vol 7954. Springer, Berlin, Heidelberg

Abstract

Modern computer systems exhibit a major weakness in that code and data are stored in the clear, unencrypted, within random access memory. As a result, numerous vulnerabilities exist at every level of the software stack. These vulnerabilities have been exploited to gather confidential information (e.g., encryption keys) and inject malicious code to overcome access controls and other protections. Full memory encryption (FME) would mitigate the vulnerabilities, but the CPU-memory bottleneck presents a significant challenge to designing a usable system with acceptable overheads. Recently, security hardware, including encryption engines, has been integrated on-chip within commodity processors such as the Intel i7, AMD Bulldozer, and multiple ARM variants. This paper describes ongoing work to develop and measure a clean-slate operating system – Bear – that leverages on-chip encryption to provide confidentiality of code and data. While Bear operates on multiple platforms, memory encryption work is focused on the Freescale i.MX535 (ARM Cortex A8) using its integrated encryption engine.

Keywords

Memory encryption; data in use; security-enhanced commodity processors; secure microkernel; mobile platform security

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Michael Henson (1)
  • Stephen Taylor (1)
  1. Thayer School of Engineering, Dartmouth College, USA