TreVisor - Cryptography & Security Department

More documents

Recommendations

Info

TRESOR TRESOR Runs Encryption Securely Outside RAM ● Published at USENIX 2011 ● Keys are stored in CPU registers (dr0-dr3) rather than in RAM ● All intermediate states / runtime variables are stored only in CPU registers as well ● Challenges: ● No use of stack and heap ● Scheduling, hardware interrupts, and context switches ● Userland access to debug registers (dr0-dr3) ● Swapping and Suspend-to-Disk / RAM ● ... ● Linux kernel patch (originally for 2.6.36); dm-crypt support ● AES-128, -192, and -256 accelerated by Intel's AES-NI June 26 - 29, 2012 · ACNS '12 Singapore · <strong>TreVisor</strong> · Tilo Müller, Benjamin Taubmann, and Felix C. Freiling
TRESOR Problems ● TRESOR effectively defeats cold boot attacks, but is still vulnerable to: ● write-able DMA attacks on running machines (code infiltration) ● local privilege escalations (loadable kernel modules and /dev/kmem) ● buggy drivers can lead to data corruption ● full disk encryption (FDE) is tricky to set up ● works for Linux only; no other OS supported June 26 - 29, 2012 · ACNS '12 Singapore · <strong>TreVisor</strong> · Tilo Müller, Benjamin Taubmann, and Felix C. Freiling
Page 1 and 2: TreVisor OS-Independent Software-Ba
Page 3 and 4: Part I Motivation I. Motivation: Me
Page 5 and 6: Disk Encryption But current (softwa
Page 7 and 8: Attacks on Main Memory Problem: mai
Page 9 and 10: Cold Boot Attacks ● Remanence eff
Page 11 and 12: Attacks on Main Memory Basically al
Page 13: Part II Background & Design I. Moti
Page 17 and 18: TRESOR vs. TreVisor App App TRESOR
Page 19 and 20: Tresor + BitVisor = TreVisor We use
Page 21 and 22: Registers Debug registers: SSE Regi
Page 23 and 24: Key Management ● Every CPU core s
Page 25 and 26: Availability http://www1.cs.fau.de/
Page 27 and 28: TreVisor Performance Linux (write)
Page 29 and 30: Compatibility: Hardware ● CPU req
Page 31 and 32: Security Overview Threat Model Hard
Page 33 and 34: Part V Conclusion I. Motivation: Me
Page 35: The End Thank you for your attentio

TreVisor - Cryptography & Security Department

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?