Minimizing Event-Handling Latencies in Secure Virtual Machines
Authors:
Janis Danisevskis,
Michael Peter,
Jan Nordholz
Abstract:
Virtualization, after having found widespread adoption in the server and desktop arena, is poised to change the architecture of embedded systems as well. The benefits afforded by virtualization - enhanced isolation, manageability, flexibility, and security - could be instrumental for developers of embedded systems as an answer to the rampant increase in complexity.
While mature desktop and server solutions exist, they cannot be easily reused on embedded systems because of markedly different requirements. Unfortunately, optimizations aimed at throughput, important for servers, often compromise on aspects like predictable real-time behavior, which are crucial to many embedded systems. In a similar vein, the requirements for small trusted computing bases, lightweight inter-VM communication, and small footprints are often not accommodated. This observation suggests that virtual machines for embedded systems should be constructed from scratch with particular attention paid to the specific requirements.
In this paper, we set out with a virtual machine designed for security-conscious workloads and describe the steps necessary to achieve good event-handling latencies. That evolution is possible because the underlying microkernel is well suited to satisfy real-time requirements. As the guest system we chose Linux with the PREEMPT_RT configuration, which itself was developed in an effort to bring down event-handling latencies in a general purpose system. Our results indicate that the increase of event-handling latencies of a guest running in a virtual machine does not, compared to native execution, exceed a factor of two.
Submitted 4 June, 2018;
originally announced June 2018.
Fault Attacks on Encrypted General Purpose Compute Platforms
Authors:
Robert Buhren,
Shay Gueron,
Jan Nordholz,
Jean-Pierre Seifert,
Julian Vetter
Abstract:
Adversaries with physical access to a target platform can perform cold boot or DMA attacks to extract sensitive data from the RAM. In response, several main-memory encryption schemes have been proposed to prevent such attacks. Hardware vendors have also acknowledged the threat and already announced respective hardware extensions. Intel's SGX and AMD's SME will provide means to encrypt parts of the RAM to protect security-relevant assets that reside there. Encrypting the RAM will protect the user's content against passive eavesdropping. However, the level of protection it provides in scenarios that involve an adversary who is not only able to read from RAM but can also change content in RAM is less clear. Obviously, encryption offers some protection against such an "active" adversary: from the ciphertext the adversary can neither see what value is changed in the plaintext, nor predict the system behaviour based on the changes. But is this enough to prevent an active adversary from performing malicious tasks? This paper addresses the open research question of whether encryption alone is a dependable protection mechanism in practice when considering an active adversary. To this end, we first build a software-based memory encryption solution on a desktop system which mimics AMD's SME. Subsequently, we demonstrate a proof-of-concept fault attack on this system, by which we are able to extract the private RSA key of a GnuPG user. Our work suggests that transparent memory encryption is not enough to prevent active attacks.
Submitted 12 December, 2016;
originally announced December 2016.