Hardware Mechanisms for Efficient Memory System Security

The security of a computer system hinges on the trustworthiness of the operating system and the hardware, as applications rely on them to protect code and data. As a result, protections for safeguarding the hardware and OS from attacks are being continuously proposed and deployed. These defenses, however, are far from ideal as they only provide partial protection, require complex hardware and software stacks, or incur high overheads. This dissertation presents mechanisms for efficiently providing strong protections against an array of attacks on the memory hardware and the operating system's code and data.

In the first part of this dissertation, we analyze and optimize protections targeted at defending memory hardware from physical attacks. We begin by showing that, contrary to popular belief, current scrambled DDR3 and DDR4 memory systems are susceptible to cold boot attacks. We then describe how scramblers in modern memory controllers can be replaced by strong stream ciphers without impacting performance. We also present mechanisms for reducing overheads associated with authenticated memory encryption schemes that enable tamper-proof off-chip memory storage.

The second part of this dissertation presents Neverland: a low-overhead, hardware-assisted, memory protection scheme that safeguards the operating system's memory from rootkits and kernel-mode malware. Once the system is done booting, Neverland takes away the operating system's ability to overwrite certain configuration registers, as well as portions of the physical address space that contain kernel code and security-critical data. Furthermore, it prohibits the CPU from fetching privileged code from any memory region lying outside the physical addresses assigned to the OS kernel and drivers. Our solution enables operating systems to reduce their attack surface without having to rely on complex integrity monitoring software or hardware.

The mechanisms presented in this dissertation provide building blocks for constructing a secure computing base while incurring lower overheads than existing protections.