CryptMe: Data leakage prevention for unmodified programs on ARM devices

Chen Cao, Le Guan, Ning Zhang, Neng Gao, Jingqiang Lin, Bo Luo, Peng Liu, Ji Xiang, Wenjing Lou

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Scopus citations

Abstract

Sensitive data (e.g., passwords, health data and private videos) can be leaked due to many reasons, including (1) the misuse of legitimate operating system (OS) functions such as core dump, swap and hibernation, and (2) physical attacks to the DRAM chip such as cold-boot attacks and DMA attacks. While existing software-based memory encryption is effective in defeating physical attacks, none of them can prevent a legitimate OS function from accidentally leaking sensitive data in the memory. This paper introduces CryptMe that integrates memory encryption and ARM TrustZone-based memory access controls to protect sensitive data against both attacks. CryptMe essentially extends the Linux kernel with the ability to accommodate the execution of unmodified programs in an isolated execution domain (to defeat OS function misuse), and at the same time transparently encrypt sensitive data appeared in the DRAM chip (to defeat physical attacks). We have conducted extensive experiments on our prototype implementation. The evaluation results show the efficiency and added security of our design.

Original languageEnglish (US)
Title of host publicationResearch in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings
EditorsMichael Bailey, Sotiris Ioannidis, Manolis Stamatogiannakis, Thorsten Holz
PublisherSpringer Verlag
Pages380-400
Number of pages21
ISBN (Print)9783030004699
DOIs
StatePublished - 2018
Event21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018 - Heraklion, Greece
Duration: Sep 10 2018Sep 12 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11050 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018
Country/TerritoryGreece
CityHeraklion
Period9/10/189/12/18

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'CryptMe: Data leakage prevention for unmodified programs on ARM devices'. Together they form a unique fingerprint.

Cite this