trusted memory
play

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V - PowerPoint PPT Presentation

Nov 02, 2022 •206 likes •703 views

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

  1. TRUSTED MEMORY Software-Based O�-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanović Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley

  2. TRUSTED MEMORY? Securing data/code against snooping/reverse-engineering Cryptographic keys Personally identifiable information Proprietary algorithms Code obscurity Biometric data (defense-in-depth)

  3. TRUSTED MEMORY? Two security domains of system memory: on-chip and ofg-chip . On-chip presumed secure , ofg-chip not quite

  4. TRUSTED MEMORY? Two security domains of system memory: on-chip and ofg-chip . On-chip presumed secure , O�-chip memory On-chip memory ofg-chip not quite a determined extremely di�cult hobbyist (!) could (expensive) to compromise compromise

  5. TRUSTED MEMORY? Two security domains of system memory: on-chip and ofg-chip . On-chip presumed secure , O�-chip memory ofg-chip not quite On-chip memory some gigabytes of some megabytes of storage storage

  6. TRUSTED MEMORY? (to scale) On-chip RAM Two security domains of system memory: on-chip and ofg-chip . Ofg-chip RAM On-chip presumed secure , ofg-chip not quite Hifive Unleashed

  7. also, who’s this Determined Hobbyist?

  8. also, who’s this Determined Hobbyist? the person trying to dump their game console RAM (“neimod” soldered FPGA I/O to this Nintendo 3DS’s memory bus)

  9. Problems Confidentiality Integrity “can an attacker “can an attacker secretly read my data?” change my data?” chonge

  10. Today Keystone Framework intro 1 Prior art in Intel SGX 2 Protected paging 3 Evaluation 4 Conclusion 5

  11. Our Toolset?

  12. an extensible, customizable Trusted Execution Environment framework for RISC-V

  13. Trusted Execution Other Apps Environments Ring 3 RAM OS / Hypervisor Ring 0 - 2 Trustworthy Hardware

  14. Trusted Execution Other Apps Environments Ring 3 RAM OS / Hypervisor Ring 0 - 2 Trustworthy Trusted Hardware Untrusted

  15. Trusted Sensitive Execution Other App Apps Enclave Environments Ring 3 RAM OS / Hypervisor Ring 0 - 2 Enclave Memory Trustworthy Trusted Hardware Untrusted

  16. Trusted Sensitive Execution Other App Apps Enclave Environments Ring 3 RAM OS / Hypervisor Ring 0 - 2 Integrity Enclave Memory Confidentiality Trustworthy Trusted Hardware Remote Attestation Untrusted

  17. Trusted ML Execution Training/ Competitor Inference Environments Ring 3 RAM Cloud provider Ring 0 - 2 Integrity Enclave Memory Confidentiality Trustworthy Trusted Hardware Remote Attestation Untrusted

  18. Perfect! but... Sensitive Other App Apps Enclave Ring 3 RAM On-chip memory OS / Hypervisor some megabytes of Ring 0 - 2 storage Enclave Memory Trusted Untrusted

  19. Perfect! but... Sensitive Other App Apps Enclave Ring 3 RAM On-chip memory OS / Hypervisor exhausted very Ring 0 - 2 quickly Enclave Memory Trusted Untrusted

  20. Perfect! but... Sensitive Other App Apps demand paging Enclave Ring 3 RAM On-chip memory OS / Hypervisor exhausted very Ring 0 - 2 quickly Enclave Memory Trusted Untrusted

  21. Problems Confidentiality Integrity “can an attacker “can an attacker secretly read my pages?” change my pages?” chonge

  22. Solutions Encryption Hashing any outbound pages any inbound pages have are encrypted their hashes checked

  23. Precedent Confidentiality Integrity Intel’s Secure Guard Extensions solve in hardware

  24. Precedent Confidentiality Integrity Modified Carter-Wegman AES-CTR, 128-bit MAC, 56-bit 512b block granularity Version counters Merkle tree for replay hash storage protection

  25. A Software Approach for commodity RISC-V hardware Confidentiality Integrity AES-CTR, 256-bit SHA256 page size granularity Version counters Merkle tree (multiple for replay hash storage of 4096b) protection

  26. The Scheme s_hash := sha(s)

  27. The Scheme s_hash := sha(s) s_enc := aes(s)

  28. The Scheme s_hash := sha(s) s_enc := aes(s) d_dec := aes(d)

  29. The Scheme s_hash := sha(s) s_enc := aes(s) d_dec := aes(d) d_hash := aes(d_dec)

  30. The Scheme s_hash := sha(s) s_enc := aes(s) d_dec := aes(d) d_hash := aes(d_dec) check_hash(d_hash)

  31. The Scheme s_hash := sha(s) s_enc := aes(s) d_dec := aes(d) d_hash := aes(d_dec) check_hash(d_hash) store_hash(s_hash)

  32. The Why a tree? Scheme Array of page hashes too big (wasteful) for s_hash := sha(s) s_enc := aes(s) on-chip memory d_dec := aes(d) d_hash := aes(d_dec) Move it o�-chip check_hash(d_hash) store_hash(s_hash)

  33. The Why a tree? Scheme O �-chip hashes s_hash := sha(s) s_enc := aes(s) Untrusted hashes? d_dec := aes(d) d_hash := aes(d_dec) check_hash(d_hash) store_hash(s_hash)

  34. Problems Confidentiality Integrity “can an attacker “can an attacker secretly read my hashes?” change my hashes?” chonge

  35. Solutions Don’t care! More hashing! cryptographic hash the hash hashes leak no store, keep the information root hash safe

  36. Hashing Resident pages Enclave memory the store Hash store sha(p1) sha(p1) sha(p2) sha(p3) sha(p4) sha(p5) sha(p6) sha(p7) Trusted world Original plan: Keep nonresident page hashes in Non-resident secure memory User OS pages Problem: On-chip memory too valuable! Untrusted world

  37. Hashing Resident pages Enclave memory the store Root hash sha(hash store) Trusted world Solution: Move store ofg-chip, check its Non-resident integrity during User OS pages page swaps Problem: Hash store Hashing the entire sha(p1) sha(p1) sha(p2) sha(p3) sha(p4) sha(p5) sha(p6) sha(p7) store wastes CPU Untrusted world cycles

  38. Hashing Resident pages Enclave memory the store Root hash sha(left block || right block) Trusted world Solution: - Split hash store - Hash left or right Non-resident side as needed User OS pages - Propagate to root Hash store Problem: Hashing half of sha(p1) sha(p1) sha(p2) sha(p3) sha(p4) sha(p5) sha(p6) sha(p7) store still too much Untrusted world for one page swap

  39. Hashing Resident pages Enclave memory the store Root hash sha(left node || right node) Trusted world Solution: - Recursive splits - Hash only the Non-resident relevant leaf User OS pages - Propagate to root Hash store sha(left block || right block) sha(left block || right block) This tree structure is called a Merkle Tree . sha(p1) sha(p1) sha(p2) sha(p3) sha(p4) sha(p5) sha(p6) sha(p7) Untrusted world

  40. Hashing Resident pages Enclave memory the store Root hash sha(left node || right node) Trusted world Merkle tree tradeofgs: - Very little secure memory usage Non-resident - Deeper tree needs Hash store User OS sha(left node || right node) sha(left node || right node) pages more insecure mem - Deeper tree hashes sha(left || right) sha(left || right) sha(left || right) sha(left || right) fewer bytes total - Deeper tree needs sha(p1) sha(p1) sha(p2) sha(p3) sha(p4) sha(p5) sha(p6) sha(p7) more hash passes Untrusted world

  41. Evaluation Software memory protection feasible, with appreciable overhead. Optimizations pending; current implementation conservative with security guarantees

  42. Evaluation With effjcient paging infrastructure, even unoptimized protection routines could be viable.

  43. Evaluation Unfortunately, paging currently accounts for huge runtime overheads

  44. Conclusion Protected paging appropriate for security-critical , speed-flexible operations Specifically, ones under secure memory pressure

  45. Conclusion Protected paging lays groundwork for other space optimizations - Free up L2 cache when enclave is idle - Balance on-chip memory among several enclaves

  46. A Flexible Approach

  47. Conclusion Software protections need no special IP blocks! Frees up die area for cost constrained hardware

  48. Conclusion Software protections are complemented by special IP blocks! One scheme parametrizable over many hardware configurations

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Trust Me An exploration of @trusted code in D Steven Schveigho ff er - DConf Online 2020 Code:

Trust Me An exploration of @trusted code in D Steven Schveigho ff er - DConf Online 2020 Code:

Trust Me An exploration of @trusted code in D Steven Schveigho ff er - DConf Online 2020 Code: https://github.com/schveiguy/dconf2020 Memory Safety! Memory Safety Real Problems Source:

858 views • 51 slides
Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and affordable caregivers to families on demand. Why create RestUp? Americans provide $470 Billion in unpaid care in 2015. Emergency Staffing

324 views • 8 slides
Memory II. Memory improvement III. Problems with memory 3 systems/stages of Memory: memory

Memory II. Memory improvement III. Problems with memory 3 systems/stages of Memory: memory

Main Focus I. Memory as a process Memory II. Memory improvement III. Problems with memory 3 systems/stages of Memory: memory the process by which I. Sensory Memory information is - acquired, II. Short -Term Memory - stored,

169 views • 5 slides
Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &

Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &

Chinas Dietary Supplement Industry Market Insights Natural Products Expo West March 11, 2017 Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey & Company Your Trusted Partner in China Consumer

409 views • 29 slides
1 Memory SoC Persistent Memory-Driven Memory Memory Processor-Centric Memory SoC SoC

1 Memory SoC Persistent Memory-Driven Memory Memory Processor-Centric Memory SoC SoC

1 Memory SoC Persistent Memory-Driven Memory Memory Processor-Centric Memory SoC SoC Computing Computing + Fabric SoC Memory HYPERCONVERGED Exascale EDGE DEVICE SYSTEM Eliminate data movement via shared

400 views • 11 slides
Trusted Platform Module Dries Schellekens COSIC, KU Leuven Nomenclature Trusted versus

Trusted Platform Module Dries Schellekens COSIC, KU Leuven Nomenclature Trusted versus

Trusted Platform Module Dries Schellekens COSIC, KU Leuven Nomenclature Trusted versus trustworthy RFC 4949 (Internet Security Glossary) Trust : A feeling of certainty (sometimes based on inconclusive evidence) either (a) that the system

788 views • 33 slides
for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted

for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted

Towards Verified C specification for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted Computing, an initiative by major IT vendors Functions: integrity measurement, reporting & protected storage

374 views • 16 slides
Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic Kari Kostiainen, ETH Zurich N. Asokan, University of Helsinki and Aalto University What is a TEE? Processor, memory, storage, peripherals

1.23k views • 112 slides
Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal Holloway, University of London c.mitchell@rhul.ac.uk http://www.isg.rhul.ac.uk/~cjm Contents What is trusted computing? The TCG TCG

1.43k views • 114 slides
UMBC M A L F T U M B C I O M Y O T R 1 (April 10, 2000 12:36 pm) I E S R C

UMBC M A L F T U M B C I O M Y O T R 1 (April 10, 2000 12:36 pm) I E S R C

Systems Programming 8086/88 Memory Interface II CMPE 310 Memory Address Decoding The processor can usually address a memory space that is much larger than the memory space covered by an individual memory chip. In order to splice a memory device

713 views • 21 slides
Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and

Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and

Computer S ecurity: Principles and Practice Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and Multilevel Security First Edition by William S tallings and Lawrie Brown Lecture slides by Lawrie

636 views • 40 slides
Four Layers to Build a Four Layers to Build a Trusted Architecture Trusted Architecture Danny

Four Layers to Build a Four Layers to Build a Trusted Architecture Trusted Architecture Danny

Trusted Architecture for Trusted Architecture for Securely Shared Services Securely Shared Services Four Layers to Build a Four Layers to Build a Trusted Architecture Trusted Architecture Danny De Cock K.U.Leuven ESAT/COSIC

369 views • 17 slides
1 Brenda Milner 1918 There are Two Major Forms of Long Term Memory Explicit (Declarative)

1 Brenda Milner 1918 There are Two Major Forms of Long Term Memory Explicit (Declarative)

The Study of Memory Has Two Parts: Cellular Mechanisms of Learning (1) The Systems Problem of Memory: Where in the brain is memory stored? and the Biological Basis of Individuality (2) The Molecular Problem of Memory: How is memory stored at

536 views • 8 slides
A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin,

A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin,

A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin, Jun-Hyeok Park, and HyoungChun Kim, National Security Research Institute BACKGROUND Trusted Computing Group (TCG) Trusted Platform Module

375 views • 19 slides
Protecting Memory What is there to protect in memory? Page tables and virtual memory

Protecting Memory What is there to protect in memory? Page tables and virtual memory

Protecting Memory What is there to protect in memory? Page tables and virtual memory protection Special security issues for memory Buffer overflows Lecture 8 Page 1 CS 236 Online What Is In Memory? Executable code

401 views • 24 slides
Access Control Casey Schaufler August 2010 Casey Schaufler Trusted Solaris, Trusted Irix,

Access Control Casey Schaufler August 2010 Casey Schaufler Trusted Solaris, Trusted Irix,

File Content Based Access Control Casey Schaufler August 2010 Casey Schaufler Trusted Solaris, Trusted Irix, Linux LSM Various Government Efforts Trusix, CMM, CHATS Standards P1003.1e/2c, TSIG Smack Linux Security Module

497 views • 30 slides
Dual Status A foreign citizen is a dual status individual if, in one taxable year, he is

Dual Status A foreign citizen is a dual status individual if, in one taxable year, he is

Dual Status A foreign citizen is a dual status individual if, in one taxable year, he is both a U.S. resident and a non resident. A dual status taxpayer is taxable as though his tax year was comprised of two separate periods, one

311 views • 4 slides
CRITERIA FOR YEAR 2 OF THE QUALITY PAYMENT PROGRAM (2018) Disclaimers This presentation was

CRITERIA FOR YEAR 2 OF THE QUALITY PAYMENT PROGRAM (2018) Disclaimers This presentation was

PARTICIPATION CRITERIA FOR YEAR 2 OF THE QUALITY PAYMENT PROGRAM (2018) Disclaimers This presentation was prepared as a tool to assist providers and is not intended to grant rights or impose obligations. Although every reasonable effort has

1.01k views • 63 slides
Welcome! We will be starting soon. The Low-Income Forum on Energy Presents: Creating a Nonprofit

Welcome! We will be starting soon. The Low-Income Forum on Energy Presents: Creating a Nonprofit

Welcome! We will be starting soon. The Low-Income Forum on Energy Presents: Creating a Nonprofit Hub for Energy Assistance Jennifer Gremmert, Energy Outreach Colorado January 19, 2017 1:30 p.m. 2:30 p.m. ET Working to help low-income New

700 views • 36 slides
Community Facilities Direct Loans Guaranteed Loans Grant Programs Where? Eligible Rural Areas

Community Facilities Direct Loans Guaranteed Loans Grant Programs Where? Eligible Rural Areas

Community Facilities Direct Loans Guaranteed Loans Grant Programs Where? Eligible Rural Areas Cities, towns, and census designated places (CDPs) with populations of 20,000 or less according to the latest decennial census of the United

570 views • 20 slides
Proposed Tuition & Fees Academic Year 2014-15 Office of the Executive Vice Chancellor and

Proposed Tuition & Fees Academic Year 2014-15 Office of the Executive Vice Chancellor and

Proposed Tuition & Fees Academic Year 2014-15 Office of the Executive Vice Chancellor and Provost November 2013 Public Peer Institutions Tuition and Fees 2013-2014 Public Peer Institutions Undergraduate Residents - 2013-14 Tuition &

607 views • 22 slides
Aspects of Inheritance Inheritance Readings: OOSCS2 Chapters 14 16 Code Reuse

Aspects of Inheritance Inheritance Readings: OOSCS2 Chapters 14 16 Code Reuse

Aspects of Inheritance Inheritance Readings: OOSCS2 Chapters 14 16 Code Reuse Substitutability Polymorphism and Dynamic Binding [ compile-time type checks ] EECS3311 A & E: Software Design Sub-contracting Fall 2020 [

226 views • 6 slides
CCL Industries Inc. CCL Industries Inc. Investor Update 3 rd Quarter 2013 Review November 11,

CCL Industries Inc. CCL Industries Inc. Investor Update 3 rd Quarter 2013 Review November 11,

CCL Industries Inc. CCL Industries Inc. Investor Update 3 rd Quarter 2013 Review November 11, 2013 Disclaimer This presentation contains forward-looking information and forward-looking statements (hereinafter collectively referred to as

580 views • 21 slides
First Quarter 2020 Results Thomas Gottstein, Chief Executive Officer David Mathers, Chief

First Quarter 2020 Results Thomas Gottstein, Chief Executive Officer David Mathers, Chief

Credit Suisse First Quarter 2020 Results Thomas Gottstein, Chief Executive Officer David Mathers, Chief Financial Officer April 23, 2020 Disclaimer (1/2) Credit Suisse has not finalized its 1Q20 Financial Report and Credit Suisses

1.08k views • 53 slides

More recommend