trusted memory
play

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V - PowerPoint PPT Presentation

Nov 02, 2022 •206 likes •703 views

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

  1. TRUSTED MEMORY Software-Based O�-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanović Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley

  2. TRUSTED MEMORY? Securing data/code against snooping/reverse-engineering Cryptographic keys Personally identifiable information Proprietary algorithms Code obscurity Biometric data (defense-in-depth)

  3. TRUSTED MEMORY? Two security domains of system memory: on-chip and ofg-chip . On-chip presumed secure , ofg-chip not quite

  4. TRUSTED MEMORY? Two security domains of system memory: on-chip and ofg-chip . On-chip presumed secure , O�-chip memory On-chip memory ofg-chip not quite a determined extremely di�cult hobbyist (!) could (expensive) to compromise compromise

  5. TRUSTED MEMORY? Two security domains of system memory: on-chip and ofg-chip . On-chip presumed secure , O�-chip memory ofg-chip not quite On-chip memory some gigabytes of some megabytes of storage storage

  6. TRUSTED MEMORY? (to scale) On-chip RAM Two security domains of system memory: on-chip and ofg-chip . Ofg-chip RAM On-chip presumed secure , ofg-chip not quite Hifive Unleashed

  7. also, who’s this Determined Hobbyist?

  8. also, who’s this Determined Hobbyist? the person trying to dump their game console RAM (“neimod” soldered FPGA I/O to this Nintendo 3DS’s memory bus)

  9. Problems Confidentiality Integrity “can an attacker “can an attacker secretly read my data?” change my data?” chonge

  10. Today Keystone Framework intro 1 Prior art in Intel SGX 2 Protected paging 3 Evaluation 4 Conclusion 5

  11. Our Toolset?

  12. an extensible, customizable Trusted Execution Environment framework for RISC-V

  13. Trusted Execution Other Apps Environments Ring 3 RAM OS / Hypervisor Ring 0 - 2 Trustworthy Hardware

  14. Trusted Execution Other Apps Environments Ring 3 RAM OS / Hypervisor Ring 0 - 2 Trustworthy Trusted Hardware Untrusted

  15. Trusted Sensitive Execution Other App Apps Enclave Environments Ring 3 RAM OS / Hypervisor Ring 0 - 2 Enclave Memory Trustworthy Trusted Hardware Untrusted

  16. Trusted Sensitive Execution Other App Apps Enclave Environments Ring 3 RAM OS / Hypervisor Ring 0 - 2 Integrity Enclave Memory Confidentiality Trustworthy Trusted Hardware Remote Attestation Untrusted

  17. Trusted ML Execution Training/ Competitor Inference Environments Ring 3 RAM Cloud provider Ring 0 - 2 Integrity Enclave Memory Confidentiality Trustworthy Trusted Hardware Remote Attestation Untrusted

  18. Perfect! but... Sensitive Other App Apps Enclave Ring 3 RAM On-chip memory OS / Hypervisor some megabytes of Ring 0 - 2 storage Enclave Memory Trusted Untrusted

  19. Perfect! but... Sensitive Other App Apps Enclave Ring 3 RAM On-chip memory OS / Hypervisor exhausted very Ring 0 - 2 quickly Enclave Memory Trusted Untrusted

  20. Perfect! but... Sensitive Other App Apps demand paging Enclave Ring 3 RAM On-chip memory OS / Hypervisor exhausted very Ring 0 - 2 quickly Enclave Memory Trusted Untrusted

  21. Problems Confidentiality Integrity “can an attacker “can an attacker secretly read my pages?” change my pages?” chonge

  22. Solutions Encryption Hashing any outbound pages any inbound pages have are encrypted their hashes checked

  23. Precedent Confidentiality Integrity Intel’s Secure Guard Extensions solve in hardware

  24. Precedent Confidentiality Integrity Modified Carter-Wegman AES-CTR, 128-bit MAC, 56-bit 512b block granularity Version counters Merkle tree for replay hash storage protection

  25. A Software Approach for commodity RISC-V hardware Confidentiality Integrity AES-CTR, 256-bit SHA256 page size granularity Version counters Merkle tree (multiple for replay hash storage of 4096b) protection

  26. The Scheme s_hash := sha(s)

  27. The Scheme s_hash := sha(s) s_enc := aes(s)

  28. The Scheme s_hash := sha(s) s_enc := aes(s) d_dec := aes(d)

  29. The Scheme s_hash := sha(s) s_enc := aes(s) d_dec := aes(d) d_hash := aes(d_dec)

  30. The Scheme s_hash := sha(s) s_enc := aes(s) d_dec := aes(d) d_hash := aes(d_dec) check_hash(d_hash)

  31. The Scheme s_hash := sha(s) s_enc := aes(s) d_dec := aes(d) d_hash := aes(d_dec) check_hash(d_hash) store_hash(s_hash)

  32. The Why a tree? Scheme Array of page hashes too big (wasteful) for s_hash := sha(s) s_enc := aes(s) on-chip memory d_dec := aes(d) d_hash := aes(d_dec) Move it o�-chip check_hash(d_hash) store_hash(s_hash)

  33. The Why a tree? Scheme O �-chip hashes s_hash := sha(s) s_enc := aes(s) Untrusted hashes? d_dec := aes(d) d_hash := aes(d_dec) check_hash(d_hash) store_hash(s_hash)

  34. Problems Confidentiality Integrity “can an attacker “can an attacker secretly read my hashes?” change my hashes?” chonge

  35. Solutions Don’t care! More hashing! cryptographic hash the hash hashes leak no store, keep the information root hash safe

  36. Hashing Resident pages Enclave memory the store Hash store sha(p1) sha(p1) sha(p2) sha(p3) sha(p4) sha(p5) sha(p6) sha(p7) Trusted world Original plan: Keep nonresident page hashes in Non-resident secure memory User OS pages Problem: On-chip memory too valuable! Untrusted world

  37. Hashing Resident pages Enclave memory the store Root hash sha(hash store) Trusted world Solution: Move store ofg-chip, check its Non-resident integrity during User OS pages page swaps Problem: Hash store Hashing the entire sha(p1) sha(p1) sha(p2) sha(p3) sha(p4) sha(p5) sha(p6) sha(p7) store wastes CPU Untrusted world cycles

  38. Hashing Resident pages Enclave memory the store Root hash sha(left block || right block) Trusted world Solution: - Split hash store - Hash left or right Non-resident side as needed User OS pages - Propagate to root Hash store Problem: Hashing half of sha(p1) sha(p1) sha(p2) sha(p3) sha(p4) sha(p5) sha(p6) sha(p7) store still too much Untrusted world for one page swap

  39. Hashing Resident pages Enclave memory the store Root hash sha(left node || right node) Trusted world Solution: - Recursive splits - Hash only the Non-resident relevant leaf User OS pages - Propagate to root Hash store sha(left block || right block) sha(left block || right block) This tree structure is called a Merkle Tree . sha(p1) sha(p1) sha(p2) sha(p3) sha(p4) sha(p5) sha(p6) sha(p7) Untrusted world

  40. Hashing Resident pages Enclave memory the store Root hash sha(left node || right node) Trusted world Merkle tree tradeofgs: - Very little secure memory usage Non-resident - Deeper tree needs Hash store User OS sha(left node || right node) sha(left node || right node) pages more insecure mem - Deeper tree hashes sha(left || right) sha(left || right) sha(left || right) sha(left || right) fewer bytes total - Deeper tree needs sha(p1) sha(p1) sha(p2) sha(p3) sha(p4) sha(p5) sha(p6) sha(p7) more hash passes Untrusted world

  41. Evaluation Software memory protection feasible, with appreciable overhead. Optimizations pending; current implementation conservative with security guarantees

  42. Evaluation With effjcient paging infrastructure, even unoptimized protection routines could be viable.

  43. Evaluation Unfortunately, paging currently accounts for huge runtime overheads

  44. Conclusion Protected paging appropriate for security-critical , speed-flexible operations Specifically, ones under secure memory pressure

  45. Conclusion Protected paging lays groundwork for other space optimizations - Free up L2 cache when enclave is idle - Balance on-chip memory among several enclaves

  46. A Flexible Approach

  47. Conclusion Software protections need no special IP blocks! Frees up die area for cost constrained hardware

  48. Conclusion Software protections are complemented by special IP blocks! One scheme parametrizable over many hardware configurations

Recommend

Trust Me An exploration of @trusted code in D Steven Schveigho ff er - DConf Online 2020 Code:

Trust Me An exploration of @trusted code in D Steven Schveigho ff er - DConf Online 2020 Code:

Trust Me An exploration of @trusted code in D Steven Schveigho ff er - DConf Online 2020 Code: https://github.com/schveiguy/dconf2020 Memory Safety! Memory Safety Real Problems Source:

858 views • 51 slides
Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and affordable caregivers to families on demand. Why create RestUp? Americans provide $470 Billion in unpaid care in 2015. Emergency Staffing

324 views • 8 slides
Memory II. Memory improvement III. Problems with memory 3 systems/stages of Memory: memory

Memory II. Memory improvement III. Problems with memory 3 systems/stages of Memory: memory

Main Focus I. Memory as a process Memory II. Memory improvement III. Problems with memory 3 systems/stages of Memory: memory the process by which I. Sensory Memory information is - acquired, II. Short -Term Memory - stored,

169 views • 5 slides
Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &

Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &

Chinas Dietary Supplement Industry Market Insights Natural Products Expo West March 11, 2017 Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey & Company Your Trusted Partner in China Consumer

409 views • 29 slides
1 Memory SoC Persistent Memory-Driven Memory Memory Processor-Centric Memory SoC SoC

1 Memory SoC Persistent Memory-Driven Memory Memory Processor-Centric Memory SoC SoC

1 Memory SoC Persistent Memory-Driven Memory Memory Processor-Centric Memory SoC SoC Computing Computing + Fabric SoC Memory HYPERCONVERGED Exascale EDGE DEVICE SYSTEM Eliminate data movement via shared

400 views • 11 slides
Trusted Platform Module Dries Schellekens COSIC, KU Leuven Nomenclature Trusted versus

Trusted Platform Module Dries Schellekens COSIC, KU Leuven Nomenclature Trusted versus

Trusted Platform Module Dries Schellekens COSIC, KU Leuven Nomenclature Trusted versus trustworthy RFC 4949 (Internet Security Glossary) Trust : A feeling of certainty (sometimes based on inconclusive evidence) either (a) that the system

788 views • 33 slides
for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted

for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted

Towards Verified C specification for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted Computing, an initiative by major IT vendors Functions: integrity measurement, reporting & protected storage

374 views • 16 slides
Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic Kari Kostiainen, ETH Zurich N. Asokan, University of Helsinki and Aalto University What is a TEE? Processor, memory, storage, peripherals

1.23k views • 112 slides
Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal Holloway, University of London c.mitchell@rhul.ac.uk http://www.isg.rhul.ac.uk/~cjm Contents What is trusted computing? The TCG TCG

1.43k views • 114 slides
UMBC M A L F T U M B C I O M Y O T R 1 (April 10, 2000 12:36 pm) I E S R C

UMBC M A L F T U M B C I O M Y O T R 1 (April 10, 2000 12:36 pm) I E S R C

Systems Programming 8086/88 Memory Interface II CMPE 310 Memory Address Decoding The processor can usually address a memory space that is much larger than the memory space covered by an individual memory chip. In order to splice a memory device

713 views • 21 slides
Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and

Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and

Computer S ecurity: Principles and Practice Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and Multilevel Security First Edition by William S tallings and Lawrie Brown Lecture slides by Lawrie

636 views • 40 slides
Four Layers to Build a Four Layers to Build a Trusted Architecture Trusted Architecture Danny

Four Layers to Build a Four Layers to Build a Trusted Architecture Trusted Architecture Danny

Trusted Architecture for Trusted Architecture for Securely Shared Services Securely Shared Services Four Layers to Build a Four Layers to Build a Trusted Architecture Trusted Architecture Danny De Cock K.U.Leuven ESAT/COSIC

369 views • 17 slides
1 Brenda Milner 1918 There are Two Major Forms of Long Term Memory Explicit (Declarative)

1 Brenda Milner 1918 There are Two Major Forms of Long Term Memory Explicit (Declarative)

The Study of Memory Has Two Parts: Cellular Mechanisms of Learning (1) The Systems Problem of Memory: Where in the brain is memory stored? and the Biological Basis of Individuality (2) The Molecular Problem of Memory: How is memory stored at

536 views • 8 slides
A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin,

A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin,

A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin, Jun-Hyeok Park, and HyoungChun Kim, National Security Research Institute BACKGROUND Trusted Computing Group (TCG) Trusted Platform Module

375 views • 19 slides
Protecting Memory What is there to protect in memory? Page tables and virtual memory

Protecting Memory What is there to protect in memory? Page tables and virtual memory

Protecting Memory What is there to protect in memory? Page tables and virtual memory protection Special security issues for memory Buffer overflows Lecture 8 Page 1 CS 236 Online What Is In Memory? Executable code

401 views • 24 slides
Access Control Casey Schaufler August 2010 Casey Schaufler Trusted Solaris, Trusted Irix,

Access Control Casey Schaufler August 2010 Casey Schaufler Trusted Solaris, Trusted Irix,

File Content Based Access Control Casey Schaufler August 2010 Casey Schaufler Trusted Solaris, Trusted Irix, Linux LSM Various Government Efforts Trusix, CMM, CHATS Standards P1003.1e/2c, TSIG Smack Linux Security Module

497 views • 30 slides
Memory & Game Content 1 Memory is precious Memory is precious, especially on simpler

Memory & Game Content 1 Memory is precious Memory is precious, especially on simpler

Memory & Game Content 1 Memory is precious Memory is precious, especially on simpler devices. Even on PCs need to be cautious, using too much memory tends to drive you off a performance cliff Memory fragmentation (or address space

700 views • 13 slides
Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

4/12/2017 Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign physical memory to processes 5B. Simple Memory Allocation explicit requests: malloc (sbrk) implicit: program loading, stack

205 views • 8 slides
Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

4/14/2018 Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign physical memory to processes 5B. Memory Allocation explicit requests: malloc (sbrk) implicit: program loading, stack extension

555 views • 9 slides
Trusted Component Deployment Trusted Components Bernd Schoeller January 30 th , 2006 Code from

Trusted Component Deployment Trusted Components Bernd Schoeller January 30 th , 2006 Code from

Trusted Component Deployment Trusted Components Bernd Schoeller January 30 th , 2006 Code from the Web Can I trust the software on my machine, knowing that there are very bad people out there ? risk of malicious code risk of

392 views • 28 slides
CSE 351: Section 10 Memory Allocation Memory Allocation Must allocate any memory you need to

CSE 351: Section 10 Memory Allocation Memory Allocation Must allocate any memory you need to

CSE 351: Section 10 Memory Allocation Memory Allocation Must allocate any memory you need to use Allocating memory = designating a block of it as 'used' This way, you don't overwrite your data The memory isn't changed, but

417 views • 15 slides
1 Basic use of caches Levels in the memory hierarchy When fetching an instruction, first

1 Basic use of caches Levels in the memory hierarchy When fetching an instruction, first

Memory Hierarchy Goal of a memory hierarchy Memory: hierarchy of components of various speeds and Keep close to the ALU the information that will be needed capacities now and in the near future Memory closest to ALU is fastest but

56 views • 5 slides
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklins 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have trusted hardware?

315 views • 27 slides
Welcome to The Memory Class An Introduction to Memory Problems and the Memory Center Agenda For

Welcome to The Memory Class An Introduction to Memory Problems and the Memory Center Agenda For

Welcome to The Memory Class An Introduction to Memory Problems and the Memory Center Agenda For Todays Class Importance of the Questionnaire Description of the Memory Center Program Advanced Care Planning Lecture about Memory

695 views • 38 slides

More recommend