TreVisor: OS-independent software-based full disk encryption secure against main memory attacks

Authors:
Tilo Müller;Benjamin Taubmann;Felix C. Freiling
Affiliations:
Department of Computer Science, Friedrich-Alexander University of Erlangen-Nuremberg, Germany;Department of Computer Science, Friedrich-Alexander University of Erlangen-Nuremberg, Germany;Department of Computer Science, Friedrich-Alexander University of Erlangen-Nuremberg, Germany
Venue:
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Year:
2012

Citing 6
Cited 5

Lest we remember: cold boot attacks on encryption keys

SS'08 Proceedings of the 17th conference on Security symposium
Intel's New AES Instructions for Enhanced Performance and Security

Fast Software Encryption
AESSE: a cold-boot resistant implementation of AES

Proceedings of the Third European Workshop on System Security
TRESOR runs encryption securely outside RAM

SEC'11 Proceedings of the 20th USENIX conference on Security
Cache attacks and countermeasures: the case of AES

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
A method for safekeeping cryptographic keys from memory disclosure attacks

INTRUST'09 Proceedings of the First international conference on Trusted Systems

TRESOR-HUNT: attacking CPU-bound encryption

Proceedings of the 28th Annual Computer Security Applications Conference
Deadbolt: locking down android disk encryption

Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
PRIME: private RSA infrastructure for memory-less encryption

Proceedings of the 29th Annual Computer Security Applications Conference
Beyond full disk encryption: protection on security-enhanced commodity processors

ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
FROST: forensic recovery of scrambled telephones

ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Software-based disk encryption techniques store necessary keys in main memory and are therefore vulnerable to DMA and cold boot attacks which can acquire keys from RAM. Recent research results have shown operating system dependent ways to overcome these attacks. For example, the TRESOR project patches Linux to store AES keys solely on the microprocessor. We present TreVisor, the first software-based and OS-independent solution for full disk encryption that is resistant to main memory attacks. It builds upon BitVisor, a thin virtual machine monitor which implements various security features. Roughly speaking, TreVisor adds the encryption facilities of TRESOR to BitVisor, i. e., we move TRESOR one layer below the operating system into the hypervisor such that secure disk encryption runs transparently for the guest OS. We have tested its compatibility with both Linux and Windows and show positive security and performance results.