Visible to the public Biblio

Filters: Author is Götzfried, Johannes  [Clear All Filters]
2017-11-03
Weichslgartner, Andreas, Wildermann, Stefan, Götzfried, Johannes, Freiling, Felix, Glaß, Michael, Teich, Jürgen.  2016.  Design-Time/Run-Time Mapping of Security-Critical Applications in Heterogeneous MPSoCs. Proceedings of the 19th International Workshop on Software and Compilers for Embedded Systems. :153–162.
Different applications concurrently running on modern MPSoCs can interfere with each other when they use shared resources. This interference can cause side channels, i.e., sources of unintended information flow between applications. To prevent such side channels, we propose a hybrid mapping methodology that attempts to ensure spatial isolation, i.e., a mutually-exclusive allocation of resources to applications in the MPSoC. At design time and as a first step, we compute compact and connected application mappings (called shapes). In a second step, run-time management uses this information to map multiple spatially segregated shapes to the architecture. We present and evaluate a (fast) heuristic and an (exact) SAT-based mapper, demonstrating the viability of the approach.
2017-10-13
Weichslgartner, Andreas, Wildermann, Stefan, Götzfried, Johannes, Freiling, Felix, Glaß, Michael, Teich, Jürgen.  2016.  Design-Time/Run-Time Mapping of Security-Critical Applications in Heterogeneous MPSoCs. Proceedings of the 19th International Workshop on Software and Compilers for Embedded Systems. :153–162.

Different applications concurrently running on modern MPSoCs can interfere with each other when they use shared resources. This interference can cause side channels, i.e., sources of unintended information flow between applications. To prevent such side channels, we propose a hybrid mapping methodology that attempts to ensure spatial isolation, i.e., a mutually-exclusive allocation of resources to applications in the MPSoC. At design time and as a first step, we compute compact and connected application mappings (called shapes). In a second step, run-time management uses this information to map multiple spatially segregated shapes to the architecture. We present and evaluate a (fast) heuristic and an (exact) SAT-based mapper, demonstrating the viability of the approach.

2017-05-30
Götzfried, Johannes, Müller, Tilo, Drescher, Gabor, Nürnberger, Stefan, Backes, Michael.  2016.  RamCrypt: Kernel-based Address Space Encryption for User-mode Processes. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. :919–924.

We present RamCrypt, a solution that allows unmodified Linux processes to transparently work on encrypted data. RamCrypt can be deployed and enabled on a per-process basis without recompiling user-mode applications. In every enabled process, data is only stored in cleartext for the moment it is processed, and otherwise stays encrypted in RAM. In particular, the required encryption keys do not reside in RAM, but are stored in CPU registers only. Hence, RamCrypt effectively thwarts memory disclosure attacks, which grant unauthorized access to process memory, as well as physical attacks such as cold boot and DMA attacks. In its default configuration, RamCrypt exposes only up to 4 memory pages in cleartext at the same time. For the nginx web server serving encrypted HTTPS pages under heavy load, the necessary TLS secret key is hidden for 97% of its time.