European Symposium on Research in Computer Security

Computer Security -- ESORICS 2015 pp 376-395

A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9327)


Physical access to a system allows attackers to read out RAM through cold boot and DMA attacks. Thus far, countermeasures protect only against attacks targeting disk encryption keys, while the remaining memory content is left vulnerable. We present a bytecode interpreter that protects code and data of programs against memory attacks by executing them without using RAM for sensitive content. Any program content within memory is encrypted, for which the interpreter utilizes TRESOR [1], a cold boot resistant implementation of the AES cipher. The interpreter was developed as a Linux kernel module, taking advantage of the CPU instruction sets AVX for additional registers, and AES-NI for fast encryption. We show that the interpreter is secure against memory attacks, and that the overall performance is only a factor of 4 slower than that of Python. Moreover, the performance penalty is mostly induced by the encryption.


Coldboot, Secure computation, Encrypted bytecode



This work was supported by the German Research Foundation (DFG) as part of the Transregional Collaborative Research Centre “Invasive Computing” (SFB/TR 89).


  1. Müller, T., Freiling, F.C., Dewald, A.: TRESOR runs encryption securely outside RAM. In: Proceedings of the 20th USENIX Conference on Security (SEC 2011), pp. 17–17. USENIX Association, Berkeley (2011)
  2. Alex Halderman, J., Schoen, S.D., Clarkson, W., Heninger, N., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52(5), 91–98 (2009). doi: 10.1145/1506409.1506429
  3. Gruhn, M., Müller, T.: On the practicability of cold boot attacks. In IEEE Conference Publications, editor, Eighth International Conference on Availability, Reliability and Security (ARES), pp. 390–397 (2013)
  4. A Guide to Understanding Data Remanence in Automated Information Systems. NCSC-TG-025, National Computer Security Centre, Sep 1991
  5. Gutmann, P.: Data remanence in semiconductor devices. In: Proceedings of the 10th Conference on USENIX Security Symposium, SSYM 2001, vol. 10. USENIX Association, Berkeley (2001)
  6. Skorobogatov, S.: Low temperature data remanence in static RAM. Technical report UCAM-CL-TR-536, University of Cambridge, Computer Laboratory, Jun 2002
  7. Wyns, P., Anderson, R.L.: Low-temperature operation of silicon dynamic random-access memories. IEEE Trans. Electron. Devices 36(8), 1423–1428 (1989). doi: 10.1109/16.30954, ISSN 0018–9383
  8. Becher, M., Dornseif, M., Klein, C.N.: FireWire: all your memory are belong to us. In: Proceedings of CanSecWest Applied Security Conference, Vancouver, British Columbia, Canada (2005)
  9. Carrier, B.D., Grand, J.: A hardware-based memory acquisition procedure for digital investigations. Digital Invest. 1(1), 50–60 (2004)
  10. Pabel, J.: Frozen cache, Jan 2009.
  11. Simmons, P.: Security through amnesia: a software-based solution to the cold boot attack on disk encryption. In: Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC 2011, pp. 73–82. ACM, New York (2011). ISBN 978-1-4503-0672-0
  12. Garmany, B., Müller, T.: PRIME: private RSA infrastructure for memory-less encryption (best paper award). In: Applied Computer Security Associates (ACSA) and ACM (eds.) Proceedings of the 29th Annual Computer Security Applications Conference (2013)
  13. Guan, L., Lin, J., Luo, B., Jing, J.: Copker: Computing with private keys without ram. In: Network and Distributed System Security Symposium (NDSS) (2014)
  14. McKeen, F., Alexandrovich, I., Berenzon, A., Rozas, C.V., Shafi, H., Shanbhogue, V., Savagaonkar, U.R.: Innovative instructions and software model for isolated execution. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2013, pp. 10:1–10:1. ACM, New York (2013). doi: 10.1145/2487726.2488368, ISBN 978-1-4503-2118-1
  15. Shi, Y., Casey, K., Anton Ertl, M., Gregg, D.: Virtual machine showdown: stack versus registers. ACM Trans. Archit. Code Optim. 4(4), 2:1–2:36 (2008). doi: 10.1145/1328195.1328197, ISSN 1544–3566
  16. Lomont, C.: Introduction to Intel Advanced Vector Extensions. Intel Corporation, Jun 2011
  17. National Institute for Standards and Technology. Recommendation for Block Cipher Modes of Operation, NIST Special Publication 800–38A edition, Dec 2001
  18. Blass, E.-O., Robertson, W.: TRESOR-HUNT: attacking CPU-bound encryption. In: Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC 2012, pp. 71–78. ACM, New York (2012). doi: 10.1145/2420950.2420961, ISBN 978-1-4503-1312-4
  19. Götzfried, J., Müller, T.: ARMORED: CPU-bound encryption for android-driven ARM devices. In: Proceedings of the 2013 International Conference on Availability, Reliability and Security, ARES 2013, pp. 161–168. IEEE Computer Society, Washington, DC (2013). doi: 10.1109/ARES.2013.23, ISBN 978-0-7695-5008-4
  20. Brenner, M., Wiebelitz, J., von Voigt, G., Smith, M.: Secret program execution in the cloud applying homomorphic encryption. In: 2011 Proceedings of the 5th IEEE International Conference on Digital Ecosystems and Technologies Conference (DEST), pp. 114–119, May 2011. doi: 10.1109/DEST.2011.5936608
  21. Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009).
  22. Duc, G., Keryell, R.: CryptoPage: an efficient secure architecture with memory encryption, integrity and information leakage protection. In: 22nd Annual Computer Security Applications Conference, ACSAC 2006, pp. 483–492, Dec 2006. doi: 10.1109/ACSAC.2006.21
  23. Henson, M., Taylor, S.: Beyond full disk encryption: protection on security-enhanced commodity processors. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 307–321. Springer, Heidelberg (2013)
  24. Peterson, P.A.H.: Cryptkeeper: Improving security with encrypted RAM. In: 2010 IEEE International Conference on Technologies for Homeland Security (HST), pp. 120–126, Nov 2010. doi: 10.1109/THS.2010.5655081
  25. Breuer, P.T., Bowen, J.P.: A fully homomorphic crypto-processor design: correctness of a secret computer. In: Jürjens, J., Livshits, B., Scandariato, R. (eds.) ESSoS 2013. LNCS, vol. 7781, pp. 123–138. Springer, Heidelberg (2013)

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Maximilian Seitzer (1)
  • Michael Gruhn (1)
  • Tilo Müller (1)
  1. Department of Computer Science, Friedrich-Alexander University Erlangen-Nürnberg, Erlangen, Germany
