TY - GEN
T1 - CryptMe
T2 - 21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018
AU - Cao, Chen
AU - Guan, Le
AU - Zhang, Ning
AU - Gao, Neng
AU - Lin, Jingqiang
AU - Luo, Bo
AU - Liu, Peng
AU - Xiang, Ji
AU - Lou, Wenjing
N1 - Publisher Copyright: © Springer Nature Switzerland AG 2018.
PY - 2018
Y1 - 2018
N2 - Sensitive data (e.g., passwords, health data and private videos) can be leaked for many reasons, including (1) the misuse of legitimate operating system (OS) functions such as core dump, swap and hibernation, and (2) physical attacks on the DRAM chip such as cold-boot attacks and DMA attacks. While existing software-based memory encryption is effective in defeating physical attacks, none of these schemes can prevent a legitimate OS function from accidentally leaking sensitive data in memory. This paper introduces CryptMe, which integrates memory encryption and ARM TrustZone-based memory access controls to protect sensitive data against both kinds of attack. CryptMe essentially extends the Linux kernel with the ability to accommodate the execution of unmodified programs in an isolated execution domain (to defeat OS function misuse), and at the same time transparently encrypts sensitive data that appears in the DRAM chip (to defeat physical attacks). We have conducted extensive experiments on our prototype implementation. The evaluation results show the efficiency and added security of our design.
UR - http://www.scopus.com/inward/record.url?scp=85053911061&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85053911061&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-00470-5_18
DO - 10.1007/978-3-030-00470-5_18
M3 - Conference contribution
AN - SCOPUS:85053911061
SN - 9783030004699
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 380
EP - 400
BT - Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings
A2 - Bailey, Michael
A2 - Ioannidis, Sotiris
A2 - Stamatogiannakis, Manolis
A2 - Holz, Thorsten
PB - Springer Verlag
Y2 - 10 September 2018 through 12 September 2018
ER -