CIPSEC will be at ESORICS 2017

Monday, September 11, 2017
(Oslo, Norway)

CIPSEC will be at ESORICS 2017 (22nd European Symposium on Research in Computer Security), represented by the Foundation for Research and Technology - Hellas (FORTH).

ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development.

Researchers from FORTH are authors of the paper "No Sugar but all the Taste! Memory Encryption without Architectural Support", which has been accepted for presentation at this conference.

The protection of in situ data typically requires solutions that involve different kinds of encryption schemes. Even though the majority of these solutions prioritize the protection of cold data stored on secondary devices, it has been shown that sensitive information like passwords, secrets, and private data can be easily exfiltrated from main memory as well, by adversaries with physical access. As such, the protection of hot data that reside on main memory is equally important.
In this paper, we aim to investigate whether it is possible to achieve memory encryption without any architectural support at a reasonable performance cost. In particular, we propose the first of its kind software-based memory encryption approach, which ensures that sensitive data will remain encrypted in main memory at all times. Our approach is based on commodity off-the-shelf hardware, and is totally transparent to legacy applications. To accommodate different applications' needs, we have built two versions of main memory encryption: Full and Selective Memory Encryption. Additionally, we provide a new memory allocation library that allows programmers to manage granular sensitive memory regions according to the specific requirements of each application. We conduct an extensive quantitative evaluation and characterization of the overheads of our software-based memory encryption, using both microbenchmarks and real-world application workloads. Our results show that the performance overheads due to memory encryption are tolerable in real-world network scenarios, below 17% for HTTP and 27% for HTTPS.