On the creation of a secure key enclave via the use of memory isolation in systems management mode

James Andrew Sutherland, Natalie Coull, Robert Ian Ferguson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

104 Downloads (Pure)

Abstract

One of the challenges of modern cloud computer security is how to isolate or contain data and applications in a variety of ways, while still allowing sharing where desirable. Hardware-based attacks such as RowHammer and Spectre have demonstrated the need to safeguard the cryptographic operations and keys from tampering upon which so much current security technology depends. This paper describes research into security mechanisms for protecting sensitive areas of memory from tampering or intrusion using the facilities of Systems Management Mode. The work focuses on the creation of a small, dedicated area of memory in which to perform cryptographic operations, isolated from the rest of the system. The approach has been experimentally validated by a case study involving the creation of a secure webserver whose encryption key is protected using this approach such that even an intruder with full Administrator level access cannot extract the key.
Original languageEnglish
Title of host publicationCloud Computing 2023, The fourteenth International Conference on Clud Computing, Grids, and Virtualisation
PublisherInternational Academy, Research, and Industry Association (IARIA)
Pages30-40
Number of pages11
ISBN (Electronic)9781685580445
Publication statusPublished - 26 Jun 2023
EventThe Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization
- Saint-Laurent-du-Var, Nice, France
Duration: 26 Jun 202330 Jun 2023
https://www.iaria.org/conferences2023/CLOUDCOMPUTING23.html

Publication series

NameCloud Computing the international Conference on Clud Computing, Grids, adn Virtualization
PublisherInternational Academy, Research, and Industry Association (IARIA)
ISSN (Electronic)2308-4294

Conference

ConferenceThe Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization
Abbreviated titleCLOUD COMPUTING 2023
Country/TerritoryFrance
CityNice
Period26/06/2330/06/23
Internet address

Keywords

  • Key-enclave
  • Hardware security
  • System-management mode

Fingerprint

Dive into the research topics of 'On the creation of a secure key enclave via the use of memory isolation in systems management mode'. Together they form a unique fingerprint.

Cite this