OS-Independent Software-Based Full Disk Encryption Secure against Main Memory Attacks
  • Tilo Müller
  • Benjamin Taubmann
  • Felix C. Freiling
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7341)


Software-based disk encryption techniques store necessary keys in main memory and are therefore vulnerable to DMA and cold boot attacks which can acquire keys from RAM. Recent research results have shown operating system dependent ways to overcome these attacks. For example, the TRESOR project patches Linux to store AES keys solely on the microprocessor. We present TreVisor, the first software-based and OS-independent solution for full disk encryption that is resistant to main memory attacks. It builds upon BitVisor, a thin virtual machine monitor which implements various security features. Roughly speaking, TreVisor adds the encryption facilities of TRESOR to BitVisor, i. e., we move TRESOR one layer below the operating system into the hypervisor such that secure disk encryption runs transparently for the guest OS. We have tested its compatibility with both Linux and Windows and show positive security and performance results.


Advance Encryption Standard Trust Platform Module Virtual Machine Monitor Guest Operating System USENIX Security Symposium 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abramson, D., Jackson, J., Muthrasanallur, S., Neiger, G., Regnier, G., Sankaran, R., Schoinas, I., Uhlig, R., Vembu, B., Wieger, J.: Intel Virtualization Technology for Directed I/O. Intel Technology Journal 10 (August 2006)Google Scholar
  2. 2.
    Aedla, J.: Linux Kernel CVE-2012-0056 Local Privilege Escalation Vulnerability (January 2012); Common Vulnerabilities and Exposures,
  3. 3.
    Becher, M., Dornseif, M., Klein, C.N.: FireWire - All Your Memory Are Belong To Us. In: Proceedings of the Annual CanSecWest Applied Security Conference, Vancouver, British Columbia, Canada. Laboratory for Dependable Distributed Systems, RWTH Aachen University (2005)Google Scholar
  4. 4.
    Böck, B.: Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker. Secure Business Austria Research Lab (August 2009)Google Scholar
  5. 5.
    Carrier, B.D., Spafford, E.H.: Getting Physical with the Digital Investigation Process. IJDE 2(2) (2003)Google Scholar
  6. 6.
    Carbone, Bean, Salois: An in-depth analysis of the cold boot attack. Technical report, DRDC Valcartier, Defence Research and Development, Canada, Technical Memorandum (January 2011)Google Scholar
  7. 7.
    Cardwell, M.: Protecting a Laptop from Simple and Sophisticated Attacks (August 2011),
  8. 8.
    Devine, C., Vissian, G.: Compromission physique par le bus PCI. In: Proceedings of SSTIC 2009. Thales Security Systems (June 2009)Google Scholar
  9. 9.
    Gueron, S.: Intel’s New AES Instructions for Enhanced Performance and Security. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 51–66. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest We Remember: Cold Boot Attacks on Encryptions Keys. In: Proceedings of the 17th USENIX Security Symposium, San Jose, CA, pp. 45–60. Princeton University, USENIX Association (2008)Google Scholar
  11. 11.
    Hulton, D.: Cardbus Bus-Mastering: 0wning the Laptop. In: Proceedings of ShmooCon 2006, Washington DC, USA (January 2006)Google Scholar
  12. 12.
    Intel Corporation. Intel 64 and IA-32 Architectures Developer’s Manual, Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B and 3C edition (December 2011)Google Scholar
  13. 13.
  14. 14.
    Rutkowska, J.: Evil Maid goes after TrueCrypt. The Invisible Things Lab (October 2009),
  15. 15.
    Johnson, C.: Protection of Sensitive Agency Information. U.S. Executive Office of the President, Washington, D.C. 20503 (June 2006)Google Scholar
  16. 16.
    Pabel, J.: Frozen Cache (January 2009),
  17. 17.
    Microsoft Corporation. Windows BitLocker Drive Encryption: Technical Overview. Microsoft (July 2009)Google Scholar
  18. 18.
    Müller, T., Dewald, A., Freiling, F.: AESSE: A Cold-Boot Resistant Implementation of AES. In: Proceedings of the Third European Workshop on System Security (EUROSEC), Paris, France, pp. 42–47. RWTH Aachen / Mannheim University, ACM (April 2010)Google Scholar
  19. 19.
    Müller, T., Freiling, F., Dewald, A.: TRESOR Runs Encryption Securely Outside RAM. In: 20th USENIX Security Symposium, San Francisco, California. University of Erlangen-Nuremberg, USENIX Association (August 2011)Google Scholar
  20. 20.
    Osvik, D.A., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: The Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Panholzer, P.: Physical Security Attacks on Windows Vista. Technical report. SEC Consult Vulnerability Lab, Vienna (May 2008)Google Scholar
  22. 22.
    Parker, T.P., Xu, S.: A Method for Safekeeping Cryptographic Keys from Memory Disclosure Attacks. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 39–59. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    Simmons, P.: Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption. CoRR, abs/1104.4843. University of Illinois at Urbana-Champaign (2011)Google Scholar
  24. 24.
    Ponemon, L.: 2010 Annual Study: U.S. Enterprise Encryption Trends. Ponemon Institute, Symantec (2010)Google Scholar
  25. 25.
    Graham, R.D.: Thunderbolt: Introducing a new way to hack Macs. Errata Security, (February 2011)
  26. 26.
    Sacco, A.L., Ortega, A.A.: Persistent BIOS Infection: The early bird catches the worm. In: Proceedings of the Annual CanSecWest Applied Security Conference, Vancouver, British Columbia, Canada. Core Security Technologies (2009)Google Scholar
  27. 27.
    Gueron, S.: Intel Advanced Encryption Standard (AES) Instruction Set White Paper. Intel Corporation, Rev. 3.0 edn. Intel Mobility Group, Israel Development Center (January 2010)Google Scholar
  28. 28.
    Shinagawa, T., Eiraku, H., Omote, K., Hasegawa, S., Hirano, M., Kourai, K., Oyama, Y., Kawai, E., Kono, K., Chiba, S., Shinjo, Y., Kato, K.: In: International Conference on Virtual Execution Environments, Washington, DC, USA. University of Tsukuba (March 2009)Google Scholar
  29. 29.
    Richard Stallman and Jerry Cohen. GNU General Public License Version 2. Free Software Foundation (June 1991)Google Scholar
  30. 30.
    TrueCrypt Foundation. TrueCrypt: Free Open-Source Disk Encryption Software for Windows, Mac OS and Linux (2010),

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Tilo Müller
    • 1
  • Benjamin Taubmann
    • 1
  • Felix C. Freiling
    • 1
  1. 1.Department of Computer ScienceFriedrich-Alexander University of Erlangen-NurembergGermany

Personalised recommendations