Paper 2022/1472

Cryptographic Protection of Random Access Memory: How Inconspicuous can Hardening Against the most Powerful Adversaries be?

Abstract

There is a trend towards providing stronger isolation between mutually untrusted processes running on the same computer system. For example, Intel SGX, AMD SEV, and Arm CCA all provide access control mechanisms to protect the execution of programs from hostile peer and higher privileged software. Some of these technologies include cryptographic memory protection, such as encryption and integrity checks, to protect against sophisticated physical attacks. We review the main technologies, from both academia and industry, to ensure confidentiality and integrity of main memory. We classify these technologies according to models of adversaries with varying capabilities, and group them according to corresponding protection levels. We also provide an extensive benchmarking of their performance penalties and memory overheads both on systems where the benchmark suite is the only running task and on heavily loaded systems. We additionally propose new solutions to further reduce the performance and memory overheads of such protection. For example, we show that advanced counter compression techniques make it viable to store them in a physically protected memory which is just 1:256 of the total off-chip memory. By repurposing ECC bits to store integrity tags, we can achieve hitherto unattained performance while providing full confidentiality, integrity, and replay protection. In the case of a representative server system, on the industry standard SPEC 2017 benchmark suite we achieve a 2% performance penalty if the benchmarks are the only running tasks, and roughly 4% on a system if the memory subsystem is fully saturated.

Note: Added second affiliation of first author. Previously: Completed migration to SPEC 2017 and major revision of text.