On the Creation of a Secure Key Enclave via the Use of Memory Isolation in Systems Management Mode

Sutherland, James; Coull, Natalie; Ferguson, Robert

Home // CLOUD COMPUTING 2023, The Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization // View article

On the Creation of a Secure Key Enclave via the Use of Memory Isolation in Systems Management Mode

Authors:
James Sutherland
Natalie Coull
Robert Ferguson

Keywords: key-enclave; hardware security; system-management mode

Abstract:
One of the challenges of modern cloud computer security is how to isolate or contain data and applications in a variety of ways, while still allowing sharing where desirable. Hardware-based attacks such as RowHammer and Spectre have demonstrated the need to safeguard the cryptographic operations and keys from tampering upon which so much current security technology depends. This paper describes research into security mechanisms for protecting sensitive areas of memory from tampering or intrusion using the facilities of Systems Management Mode. The work focuses on the creation of a small, dedicated area of memory in which to perform cryptographic operations, isolated from the rest of the system. The approach has been experimentally validated by a case study involving the creation of a secure webserver whose encryption key is protected using this approach such that even an intruder with full Administrator level access cannot extract the key.

Pages: 30 to 40

Copyright: Copyright (c) IARIA, 2023

Publication date: June 26, 2023

Published in: conference

ISSN: 2308-4294

ISBN: 978-1-68558-044-5

Location: Nice, France

Dates: from June 26, 2023 to June 30, 2023