Abstract
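Because of the limitations of computer architecture, data always exists in memory in plaintext, which makes things easy for attackers. Security-sensitive data such as keys can be moved from memory into processor registers for protection, but because register capacity is limited, this approach only suits small amounts of data. A virtual machine monitor can also be used to protect security-sensitive data in memory, but introducing a virtual machine monitor significantly affects computer performance. This paper works at the operating system level and protects in-memory data by hiding pages. Specifically, by modifying the operating system kernel, it changes the mapping between virtual and physical addresses without affecting the processor's normal access to process instructions and data, so that pages containing sensitive data appear in the process address space only when the processor accesses them. This reduces the time sensitive data is exposed and makes it harder for an attacker to snoop on users' sensitive data. To verify the effectiveness of the method, a prototype system was built on Fedora 21 (kernel version 3.17.6). Functional tests show that the method can hide sensitive data without affecting the normal running of the process. Performance tests show that although the time overhead of a single page access increases markedly, the overall impact on system performance is about 1%.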
Due to the computer architecture, data always exists in memory as plaintext. This provides a gateway for attackers. Security-sensitive data, such as a user password, can be transferred from memory to processor registers for protection. However, the registers cannot hold much data because of their limited capacity. The data can also be protected with the support of a virtual machine monitor. However, a virtual machine monitor introduces heavy performance overhead. Thus, we propose a novel way to protect the data in memory by hiding the pages. To this end, we patch the kernel to change the mapping between virtual addresses and physical addresses without affecting the processor's normal access to process instructions and data. In this way, the pages that hold the security-sensitive data are hidden from the address space of the process. As a result, it is difficult to steal the data because they are not in the address space most of the time. We have developed a prototype system on Fedora 21 with a 3.17.6 kernel. Our tests show that our solution is able to hide the security-sensitive data without disturbing the process. Although the time cost of accessing a page increases significantly, the overall system performance overhead is about 1%.
Authors
周洪伟
原锦辉
肖锐
杜遵良
冯贤
ZHOU Hong-wei; YUAN Jin-hui; XIAO Rui; DU Zun-liang; FENG Xian (Information Engineering University, Zhengzhou 450001, China; Zhongyuan University of Technology, Zhengzhou 450007, China)
Source
《小型微型计算机系统》
CSCD
Peking University Core Journals
2019, Issue 11, pp. 2385-2392 (8 pages)
Journal of Chinese Computer Systems
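Funding
Supported by the National Natural Science Foundation of China (61303074)
Supported by the Henan Province Science and Technology Research Project (182102210589, 192102210274)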
Keywords
protecting data
page
kernel
address space