Cryptkeeper: Improving security with encrypted RAM

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

36 Scopus citations

Abstract

Random Access Memory (RAM) was recently shown to be vulnerable to physical attacks exposing the totality of memory, including user data and encryption keys. We present Cryptkeeper, a novel software-encrypted virtual memory manager that mitigates data exposure when used with a secure key-hiding mechanism. Cryptkeeper significantly reduces the amount of cleartext data in memory by dividing RAM into a smaller, cleartext working set and a larger, encrypted area. This extends the standard memory model and provides encrypted swap as a side effect. Despite a 9x slowdown in pathological cases, target applications such as Firefox are only 9% slower with our Linux-based prototype. We also identify several optimizations which can significantly improve performance. Cryptkeeper enables the expression of new security policies for memory, and demonstrates that modern personal computers can perform heavy-duty work on behalf of operating systems with surprisingly low overhead.

Original language: English (US)
Title of host publication: 2010 IEEE International Conference on Technologies for Homeland Security, HST 2010
Pages: 120-126
Number of pages: 7
State: Published - 2010
Event: 2010 10th IEEE International Conference on Technologies for Homeland Security, HST 2010 - Waltham, MA, United States
Duration: Nov 8 2010 to Nov 10 2010

Publication series

Name: 2010 IEEE International Conference on Technologies for Homeland Security, HST 2010

Other

Other: 2010 10th IEEE International Conference on Technologies for Homeland Security, HST 2010
Country: United States
City: Waltham, MA
Period: 11/8/10 to 11/10/10

Keywords

  • Data security
  • Memory management
  • Operating systems
