RegVault: Hardware Assisted Selective Data Randomization for Operating System Kernels
Time: Wednesday, July 13th, 4:10pm - 4:30pm PDT
Location: 3005, Level 3
Hardware Security: Primitives, Architecture, Design & Test
Description: Kernels still lack a fine-grained, lightweight data protection primitive, and a compromised kernel can leak sensitive data and even allow control of the system.
We present a novel hardware-assisted selective data randomization scheme, *RegVault*, to protect sensitive kernel data from leakage and tampering.
We extend the RISC-V instruction set to provide a cryptographically strong primitive for register-grained data randomization, and we demonstrate control-data and selective non-control-data protection in the Linux kernel.
The evaluation results show that *RegVault* can effectively defend against kernel data attacks with negligible performance overhead (2.5%) on micro-benchmarks and close-to-zero overhead on macro-benchmarks.