TreVisor - Cryptography & Security Department

More documents

Recommendations

Info

Key Storage Registers ● Usually, debug registers (dr0 - dr7) can be accessed with ring 0 privileges from guest OS ● Now we need exclusive access from ring -1 (VMM) ● We must protect the debug registers from guest OS: ● Throw VMEXIT exception when the guest tries to access debug registers (virtualization control: "MOV-DR exiting") ● Exception handler: ignore instruction (increment IP), don't throw exception to guest, mirror guest debug regs in RAM � Changes privilege level of debug regs from ring 0 to -1 June 26 - 29, 2012 · ACNS '12 Singapore · <strong>TreVisor</strong> · Tilo Müller, Benjamin Taubmann, and Felix C. Freiling
Key Management ● Every CPU core should be able to do encryption � Key has to be present in every single core � Use Inter-Processor Interrupts (IPIs) to distribute the key (For key distribution, RAM is used briefly but cleared thoroughly afterwards) June 26 - 29, 2012 · ACNS '12 Singapore · <strong>TreVisor</strong> · Tilo Müller, Benjamin Taubmann, and Felix C. Freiling
Page 1 and 2: TreVisor OS-Independent Software-Ba
Page 3 and 4: Part I Motivation I. Motivation: Me
Page 5 and 6: Disk Encryption But current (softwa
Page 7 and 8: Attacks on Main Memory Problem: mai
Page 9 and 10: Cold Boot Attacks ● Remanence eff
Page 11 and 12: Attacks on Main Memory Basically al
Page 13 and 14: Part II Background & Design I. Moti
Page 15 and 16: TRESOR Problems ● TRESOR effectiv
Page 17 and 18: TRESOR vs. TreVisor App App TRESOR
Page 19 and 20: Tresor + BitVisor = TreVisor We use
Page 21: Registers Debug registers: SSE Regi
Page 25 and 26: Availability http://www1.cs.fau.de/
Page 27 and 28: TreVisor Performance Linux (write)
Page 29 and 30: Compatibility: Hardware ● CPU req
Page 31 and 32: Security Overview Threat Model Hard
Page 33 and 34: Part V Conclusion I. Motivation: Me
Page 35: The End Thank you for your attentio

TreVisor - Cryptography & Security Department

Create successful ePaper yourself

Delete template?

Save as template?