Deep Integration of a Memory Encryption Engine in Modern Processor Designs

Abstract

Keeping execution of data secure from potential attackers is a major concern today, especially in cloud computing. Intel SGX is one example of such a trusted execution environment, utilising isolation of data on-chip memory and encryption off-chip. However, numerous publications have been published exploiting its vulnerabilities with different types of side-channel, Spectre and Meltdown attacks. In this thesis, we propose a relocation of the encryption stage deeper into a processor’s memory hierarchy which could be a potential solution for a more secure system. We introduce two systems: first moving the encryption stage to before the shared last-level cache, second encrypting before the first level data cache with an added dedicated cache for cryptography. For the second different placements of prefetching are investigated further. Through simulations using the gem5 simulator, we show that these systems suffer minor performance losses compared to using no encryption at all.