Paper 2022/1472

Cryptographic Protection of Random Access Memory: How Inconspicuous can Hardening Against the most Powerful Adversaries be?

Roberto Avanzi, ARM Germany GmbH, Caesarea Rothschild Institute, University of Haifa, Israel
Ionut Mihalcea, ARM (United Kingdom)
David Schall, University of Edinburgh
Héctor Montaner, Graphcore
Andreas Sandberg, ARM (United Kingdom)
Abstract

There is a trend towards providing stronger isolation between mutually untrusted processes running on the same computer system. For example, Intel SGX, AMD SEV, and Arm CCA all provide access control mechanisms to protect the execution of programs from hostile peer and higher privileged software. Some of these technologies include cryptographic memory protection, such as encryption and integrity checks, to protect against sophisticated physical attacks. We review the main technologies, from both academia and industry, to ensure confidentiality and integrity of main memory. We classify these technologies according to models of adversaries with varying capabilities, and group them according to corresponding protection levels. We also provide an extensive benchmarking of their performance penalties and memory overheads both on systems where the benchmark suite is the only running task and on heavily loaded systems. We additionally propose new solutions to further reduce the performance and memory overheads of such protection. For example, we show that advanced counter compression techniques make it viable to store them in a physically protected memory which is just 1:256 of the total off-chip memory. By repurposing ECC bits to store integrity tags, we can achieve hitherto unattained performance while providing full confidentiality, integrity, and replay protection. In the case of a representative server system, on the industry standard SPEC 2017 benchmark suite we achieve a 2% performance penalty if the benchmarks are the only running tasks, and roughly 4% on a system if the memory subsystem is fully saturated.

Note: Added second affiliation of first author. Previously: Completed migration to SPEC 2017 and major revision of text.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Keywords
Memory EncryptionMemory IntegritySecurity and privacyHardware-based security protocols
Contact author(s)
roberto avanzi @ gmail com
ionut mihalcea @ arm com
david schall @ ed ac uk
hector montaner @ outlook com
andreas sandberg @ arm com
History
2023-07-04: last of 10 revisions
2022-10-27: received
See all versions
Short URL
https://ia.cr/2022/1472
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2022/1472,
      author = {Roberto Avanzi and Ionut Mihalcea and David Schall and Héctor Montaner and Andreas Sandberg},
      title = {Cryptographic Protection of Random Access Memory: How Inconspicuous can Hardening Against the most Powerful Adversaries be?},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1472},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1472}},
      url = {https://eprint.iacr.org/2022/1472}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.