Abstract
Isolation is a long-standing security challenge. Privilege rings and virtual memory are increasingly augmented with capabilities, protection keys, and powerful enclaves. Moreover, we are facing an increased need for physical protection, e.g., via transparent memory encryption, resulting in a complex interplay of various security mechanisms. In this work, we tackle the isolation challenge with a new extensible isolation primitive called authenticryption shield that unifies various isolation policies. By using authenticated memory encryption, we streamline the security reasoning towards cryptographic guarantees. We showcase the versatility of our approach by designing and prototyping SERVAS – a novel enclave architecture for RISC-V. SERVAS facilitates a new efficient and secure enclave memory sharing mechanism. While the memory encryption constitutes the main overhead, invoking a SERVAS enclave requires only 3.5x of a simple syscall instead of 71x for Intel SGX.
Original language | English |
---|---|
Title of host publication | Computer Security – ESORICS 2021 |
Subtitle of host publication | 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II |
Editors | Elisa Bertino, Haya Shulman, Michael Waidner |
Place of Publication | Cham |
Publisher | Springer |
Pages | 370-391 |
Number of pages | 22 |
ISBN (Print) | 978-3-030-88427-7 |
DOIs | |
Publication status | Published - 2 Oct 2021 |
Event | 26th European Symposium on Research in Computer Security: ESORICS 2021 - Darmstadt. Duration: 4 Oct 2021 → 8 Oct 2021 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Volume | 12973 |
Conference
Conference | 26th European Symposium on Research in Computer Security |
---|---|
Abbreviated title | ESORICS 2021 |
City | Darmstadt |
Period | 4/10/21 → 8/10/21 |
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science
- Data Security - KC - KD-07 Scalable Knowledge Discovery Components
  1/07/17 → 31/12/26
  Project: Research project
- Espresso - Scalable hardware-secured authentication and personalization of intelligent sensor nodes
  1/05/18 → 31/10/20
  Project: Research project