MEMES: Memory Encryption-Based Memory Safety on Commodity Hardware

David Schrammel; Salmin Sultana; Michael LeMay; David Durham; Martin Unterguggenberger; Pascal Nasahl; Stefan Mangard

doi:10.5220/0012050300003555

MEMES: Memory Encryption-Based Memory Safety on Commodity Hardware

David Schrammel, Salmin Sultana, Michael LeMay, David Durham, Martin Unterguggenberger, Pascal Nasahl, Stefan Mangard

2023

Abstract

Memory encryption is an effective security building block broadly available on commodity systems from Intel® and AMD. Schemes, such as Intel® TME-MK and AMD SEV, help provide data confidentiality and integrity, enabling cryptographic isolation of workloads on shared platforms. However, due to their coarse encryption granularity (i.e., pages or entire virtual machines), these hardware-enabled primitives cannot unleash their full potential to provide protection for other security applications, such as memory safety. To this end, we present a novel approach to achieving sub-page-granular memory encryption without hardware modifications on off-the-shelf systems featuring Intel®’s TME-MK. We showcase how to utilize our fine-grained memory encryption approach for memory safety by introducing MEMES. MEMES is capable of mitigating both spatial and temporal heap memory vulnerabilities by encrypting individual memory objects with different encryption keys. Compared to other hardware-based memory safety schemes, our approach works on existing commodity hardware, which allows easier adoption. Our extensive analysis attests to the strong security benefits which are provided at a geometric mean runtime overhead of just 16–27%.

Download

Paper Citation

in Harvard Style

Schrammel D., Sultana S., LeMay M., Durham D., Unterguggenberger M., Nasahl P. and Mangard S. (2023). MEMES: Memory Encryption-Based Memory Safety on Commodity Hardware. In Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-666-8, SciTePress, pages 25-36. DOI: 10.5220/0012050300003555

in Bibtex Style

@conference{secrypt23,
author={David Schrammel and Salmin Sultana and Michael LeMay and David Durham and Martin Unterguggenberger and Pascal Nasahl and Stefan Mangard},
title={MEMES: Memory Encryption-Based Memory Safety on Commodity Hardware},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2023},
pages={25-36},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012050300003555},
isbn={978-989-758-666-8},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - MEMES: Memory Encryption-Based Memory Safety on Commodity Hardware
SN - 978-989-758-666-8
AU - Schrammel D.
AU - Sultana S.
AU - LeMay M.
AU - Durham D.
AU - Unterguggenberger M.
AU - Nasahl P.
AU - Mangard S.
PY - 2023
SP - 25
EP - 36
DO - 10.5220/0012050300003555
PB - SciTePress