On the creation of a secure key enclave via the use of memory isolation in systems management mode

James Andrew Sutherland; Natalie Coull; Robert Ian Ferguson

On the creation of a secure key enclave via the use of memory isolation in systems management mode

James Andrew Sutherland, Natalie Coull, Robert Ian Ferguson

Department of Cybersecurity and Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

182 Downloads (Pure)

Abstract

One of the challenges of modern cloud computer security is how to isolate or contain data and applications in a variety of ways, while still allowing sharing where desirable. Hardware-based attacks such as RowHammer and Spectre have demonstrated the need to safeguard the cryptographic operations and keys from tampering upon which so much current security technology depends. This paper describes research into security mechanisms for protecting sensitive areas of memory from tampering or intrusion using the facilities of Systems Management Mode. The work focuses on the creation of a small, dedicated area of memory in which to perform cryptographic operations, isolated from the rest of the system. The approach has been experimentally validated by a case study involving the creation of a secure webserver whose encryption key is protected using this approach such that even an intruder with full Administrator level access cannot extract the key.

Original language	English
Title of host publication	Cloud Computing 2023, The fourteenth International Conference on Clud Computing, Grids, and Virtualisation
Publisher	International Academy, Research, and Industry Association (IARIA)
Pages	30-40
Number of pages	11
ISBN (Electronic)	9781685580445
Publication status	Published - 26 Jun 2023
Event	The Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization - Saint-Laurent-du-Var, Nice, France Duration: 26 Jun 2023 → 30 Jun 2023 https://www.iaria.org/conferences2023/CLOUDCOMPUTING23.html

Publication series

Name	Cloud Computing the international Conference on Clud Computing, Grids, adn Virtualization
Publisher	International Academy, Research, and Industry Association (IARIA)
ISSN (Electronic)	2308-4294

Conference

Conference	The Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization
Abbreviated title	CLOUD COMPUTING 2023
Country/Territory	France
City	Nice
Period	26/06/23 → 30/06/23
Internet address	https://www.iaria.org/conferences2023/CLOUDCOMPUTING23.html

Keywords

Key-enclave
Hardware security
System-management mode

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

Ferguson_OnTheCreationSecure_Publsihed_2023Final published version, 399 KB

https://www.thinkmind.org/index.php?view=article&articleid=cloud_computing_2023_2_20_28005

On improving cybersecurity through memory isolation using systems management mode
Sutherland, J. (Author), Ferguson, I. (Supervisor) & Coull, N. (Supervisor), 18 Apr 2019
Student thesis: Doctoral Thesis

File

Cite this

Sutherland, J. A., Coull, N., & Ferguson, R. I. (2023). On the creation of a secure key enclave via the use of memory isolation in systems management mode. In Cloud Computing 2023, The fourteenth International Conference on Clud Computing, Grids, and Virtualisation (pp. 30-40). (Cloud Computing the international Conference on Clud Computing, Grids, adn Virtualization). International Academy, Research, and Industry Association (IARIA). https://www.thinkmind.org/index.php?view=article&articleid=cloud_computing_2023_2_20_28005

Sutherland, James Andrew ; Coull, Natalie ; Ferguson, Robert Ian. / On the creation of a secure key enclave via the use of memory isolation in systems management mode. Cloud Computing 2023, The fourteenth International Conference on Clud Computing, Grids, and Virtualisation. International Academy, Research, and Industry Association (IARIA), 2023. pp. 30-40 (Cloud Computing the international Conference on Clud Computing, Grids, adn Virtualization).

@inproceedings{9b6acb393fd0461eb0f1ab8339c072f4,

title = "On the creation of a secure key enclave via the use of memory isolation in systems management mode",

abstract = "One of the challenges of modern cloud computer security is how to isolate or contain data and applications in a variety of ways, while still allowing sharing where desirable. Hardware-based attacks such as RowHammer and Spectre have demonstrated the need to safeguard the cryptographic operations and keys from tampering upon which so much current security technology depends. This paper describes research into security mechanisms for protecting sensitive areas of memory from tampering or intrusion using the facilities of Systems Management Mode. The work focuses on the creation of a small, dedicated area of memory in which to perform cryptographic operations, isolated from the rest of the system. The approach has been experimentally validated by a case study involving the creation of a secure webserver whose encryption key is protected using this approach such that even an intruder with full Administrator level access cannot extract the key.",

author = "Sutherland, \{James Andrew\} and Natalie Coull and Ferguson, \{Robert Ian\}",

note = "{\textcopyright} IARIA, 2023 Data availability statement: Not present.; The Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization<br/>, CLOUD COMPUTING 2023 ; Conference date: 26-06-2023 Through 30-06-2023",

year = "2023",

month = jun,

day = "26",

language = "English",

series = "Cloud Computing the international Conference on Clud Computing, Grids, adn Virtualization",

publisher = "International Academy, Research, and Industry Association (IARIA)",

pages = "30--40",

booktitle = "Cloud Computing 2023, The fourteenth International Conference on Clud Computing, Grids, and Virtualisation",

url = "https://www.iaria.org/conferences2023/CLOUDCOMPUTING23.html",

}

Sutherland, JA, Coull, N & Ferguson, RI 2023, On the creation of a secure key enclave via the use of memory isolation in systems management mode. in Cloud Computing 2023, The fourteenth International Conference on Clud Computing, Grids, and Virtualisation. Cloud Computing the international Conference on Clud Computing, Grids, adn Virtualization, International Academy, Research, and Industry Association (IARIA), pp. 30-40, The Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization
, Nice, France, 26/06/23. <https://www.thinkmind.org/index.php?view=article&articleid=cloud_computing_2023_2_20_28005>

On the creation of a secure key enclave via the use of memory isolation in systems management mode. / Sutherland, James Andrew; Coull, Natalie ; Ferguson, Robert Ian.
Cloud Computing 2023, The fourteenth International Conference on Clud Computing, Grids, and Virtualisation. International Academy, Research, and Industry Association (IARIA), 2023. p. 30-40 (Cloud Computing the international Conference on Clud Computing, Grids, adn Virtualization).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - On the creation of a secure key enclave via the use of memory isolation in systems management mode

AU - Sutherland, James Andrew

AU - Coull, Natalie

AU - Ferguson, Robert Ian

PY - 2023/6/26

Y1 - 2023/6/26

N2 - One of the challenges of modern cloud computer security is how to isolate or contain data and applications in a variety of ways, while still allowing sharing where desirable. Hardware-based attacks such as RowHammer and Spectre have demonstrated the need to safeguard the cryptographic operations and keys from tampering upon which so much current security technology depends. This paper describes research into security mechanisms for protecting sensitive areas of memory from tampering or intrusion using the facilities of Systems Management Mode. The work focuses on the creation of a small, dedicated area of memory in which to perform cryptographic operations, isolated from the rest of the system. The approach has been experimentally validated by a case study involving the creation of a secure webserver whose encryption key is protected using this approach such that even an intruder with full Administrator level access cannot extract the key.

AB - One of the challenges of modern cloud computer security is how to isolate or contain data and applications in a variety of ways, while still allowing sharing where desirable. Hardware-based attacks such as RowHammer and Spectre have demonstrated the need to safeguard the cryptographic operations and keys from tampering upon which so much current security technology depends. This paper describes research into security mechanisms for protecting sensitive areas of memory from tampering or intrusion using the facilities of Systems Management Mode. The work focuses on the creation of a small, dedicated area of memory in which to perform cryptographic operations, isolated from the rest of the system. The approach has been experimentally validated by a case study involving the creation of a secure webserver whose encryption key is protected using this approach such that even an intruder with full Administrator level access cannot extract the key.

M3 - Conference contribution

T3 - Cloud Computing the international Conference on Clud Computing, Grids, adn Virtualization

SP - 30

EP - 40

BT - Cloud Computing 2023, The fourteenth International Conference on Clud Computing, Grids, and Virtualisation

PB - International Academy, Research, and Industry Association (IARIA)

T2 - The Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization<br/>

Y2 - 26 June 2023 through 30 June 2023

ER -

Sutherland JA, Coull N , Ferguson RI. On the creation of a secure key enclave via the use of memory isolation in systems management mode. In Cloud Computing 2023, The fourteenth International Conference on Clud Computing, Grids, and Virtualisation. International Academy, Research, and Industry Association (IARIA). 2023. p. 30-40. (Cloud Computing the international Conference on Clud Computing, Grids, adn Virtualization).

On the creation of a secure key enclave via the use of memory isolation in systems management mode

Abstract

Publication series

Conference

Keywords

UN SDGs

Access to Document

Fingerprint

Student theses

On improving cybersecurity through memory isolation using systems management mode

Cite this