TWC: Medium: Collaborative: DIORE: Digital Insertion and Observation Resistant Execution

TWC：媒介：协作：DIORE：数字插入和抗观察执行

• 批准号: 1314709
• 负责人: Mohit Tiwari
• 金额: $ 40万
• 依托单位: University of Texas at Austin
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-08-01 至 2017-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1314709&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; DIORE; Digital

Cloud computing allows users to delegate data and computation to cloud providers, at the cost of giving up physical control of their computing infrastructure. An attacker with physical access to the computing platform can perform various physical attacks, referred to as digital insertion and observation attacks, which include probing memory buses, tampering with memory, and cold-boot style attacks. While memory encryption can prevent direct leakage of data under digital observation, memory access patterns to even encrypted data may leak sensitive information. This work will allow organizations to securely outsource their computing infrastructure to an untrusted cloud provider, while preserving a similar level of security as if hosting the infrastructure in houseThis project will develop DIORE (Digital Insertion and Observation Resistant Execution) which is a combined hardware software platform immune to digital insertion and observation attacks. DIORE provides memory-trace oblivious execution, relying on efficient hardware implementations of Oblivious RAM, and novel compiler techniques for partitioning programs such that Oblivious RAM accesses are minimized. This ensures that an adversary with access to a program execution's memory trace learns nothing about the code or data other than what is revealed intentionally. DIORE opens up possibilities for new cloud applications involving sensitive information such as genomic, medical, or financial data -- domains that are considered too privacy sensitive for today's cloud.

云计算允许用户将数据和计算委托给云提供商，代价是放弃对计算基础设施的物理控制。具有对计算平台的物理访问的攻击者可以执行各种物理攻击，称为数字插入和观察攻击，其包括探测存储器总线、篡改存储器和冷启动式攻击。 虽然存储器加密可以防止在数字观测下的数据的直接泄漏，但是对甚至加密的数据的存储器访问模式可能泄漏敏感信息。这项工作将使组织能够安全地将其计算基础设施外包给不受信任的云提供商，同时保持与在内部托管基础设施类似的安全级别。该项目将开发DIORE（数字插入和观察抵抗执行），这是一个组合的硬件软件平台，不受数字插入和观察攻击的影响。DIORE提供内存跟踪不经意执行，依赖于不经意RAM的高效硬件实现，以及用于分区程序的新颖编译器技术，使得不经意RAM访问最小化。这确保了可以访问程序执行的内存跟踪的攻击者除了故意透露的内容之外，对代码或数据一无所知。DIORE为涉及基因组、医疗或金融数据等敏感信息的新云应用程序开辟了可能性--这些领域被认为对当今的云计算过于隐私敏感。