Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

TransCrypt: Transparent main memory encryption using a minimal ARM hypervisor

 
Horsch, J.; Huber, M.; Wessel, S.

Institute of Electrical and Electronics Engineers -IEEE-:
16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 : 1-4 August 2017, Sydney, Australia : proceedings
Piscataway, NJ: IEEE, 2017
ISBN: 978-1-5090-4906-6
ISBN: 978-1-5090-4905-9
ISBN: 978-1-5090-4907-3
pp. 152-161
International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) <16, 2017, Sydney>
International Conference on Big Data Science and Engineering (BigDataSE) <11, 2017, Sydney>
International Conference on Embedded Software and Systems (ICESS) <14, 2017, Sydney>
English
Conference paper
Fraunhofer AISEC

Abstract
Attacks on memory that reveal secrets, for example, via DMA or cold boot, are a long-known problem. In this paper, we present TransCrypt, a concept for transparent and guest-agnostic, dynamic kernel and user main memory encryption using a custom minimal hypervisor. The concept utilizes the address translation features provided by hardware-based virtualization support of modern CPUs to restrict the guest to a small working set of recently accessed physical pages. The rest of the pages, which constitute the majority of memory, remain securely encrypted. Furthermore, we present a transparent and guest-agnostic mechanism for recognizing pages to be excluded from encryption to still ensure correct system functionality, for example, for pages shared with peripheral devices. The detailed evaluation using our fully functional prototype on an ARM Cortex-A15 development board running Android shows that TransCrypt is able to effectively protect secrets in memory while keeping the performance impact small. For example, the system is able to keep the E-mail account password of a typical user in the Android mail app's memory encrypted 98.99% of the time, while still reaching 81.7% and 99.8% of native performance in different benchmarks.

http://publica.fraunhofer.de/dokumente/N-502593.html