Holistic Protection against Memory Exfiltration Attacks via On-the-Fly Virtualization

Supervisor(s): Manuel Andreas
Status: finished
Topic: Others
Author: Philipp Stratil
Submission: 2023-11-15
Type of Thesis: Master's thesis

Description

Each day, every one of us generates vast amounts of digital data on our computing devices. A lot of this data can be considered sensitive – and it does not have to include company secrets or otherwise classified data in order to be considered important. Even just regular personal data is worthy of protection; hardware and software manufacturers have realized this and, as a result, all modern phones and computers can protect their users' data by means of encryption. Unfortunately, almost all of the mainstream focus has been on protection of data at rest – no consumer devices protect the user's data during processing, while it is stored in main memory, where it is vulnerable to so-called cold boot attacks. In this thesis, we approach the problem of protecting main memory contents from data exfiltration attacks by combining several techniques that have been explored in the literature before – such as on-the-fly virtualization and CPU-bound encryption – in order to assess the viability of a system that provides on-demand encryption of a system's main memory. We present a proof-of-concept implementation of a hypervisor that transparently encrypts and decrypts the system RAM of a running Linux system, evaluate its performance, and discuss the challenges that we encountered during the implementation.