Subscribe free to our newsletters via your
. Military Space News .




CYBER WARS
Cloud security reaches silicon
by Staff Writers
Boston MA (SPX) Apr 30, 2015


File image.

In the last 10 years, computer security researchers have shown that malicious hackers don't need to see your data in order to steal your data. From the pattern in which your computer accesses its memory banks, adversaries can infer a shocking amount about what's stored there.

The risk of such attacks is particularly acute in the cloud, where you have no control over whose applications are sharing server space with yours. An antagonist could load up multiple cloud servers with small programs that do nothing but spy on other people's data.

Two years ago, researchers in the group of MIT's Srini Devadas, the Edwin Sibley Webster Professor in MIT's Department of Electrical Engineering and Computer Science, proposed a method for thwarting these types of attacks by disguising memory-access patterns. Now, they've begun to implement it in hardware.

In March, at the Architectural Support for Programming Languages and Operating Systems conference, they presented the layout of a custom-built chip that would use their scheme, which is now moving into fabrication. And at the IEEE International Symposium on Field-Programmable Custom Computing Machines in May, they will describe some additional improvements to the scheme, which they've tested on reconfigurable chips.

The principle behind the scheme is that, whenever a chip needs to fetch data from a particular memory address, it should query a bunch of other addresses, too, so that an adversary can't determine which one it's really interested in. Naturally, this requires shipping much more data between the chip and memory than would otherwise be necessary.

To minimize the amount of extra data needed, the researchers store memory addresses in a data structure known as a "tree." A family tree is a familiar example of a tree, in which each "node" (a person's name) is attached to only one node above it (the node representing the person's parents) but may connect to several nodes below it (the person's children).

Every address is randomly assigned to a path through the tree - a sequence of nodes stretching from the top of the tree to the bottom, with no backtracking. When the chip requires the data stored at a particular address, it also requests data from all the other nodes on the same path.

In earlier work, researchers in Devadas' group were able to prove that pulling data from a single path was as confounding to an adversary as if the chip had pulled data from every single memory address in use - every node of the tree.

Breaking the logjam
After reading data from a path, however, the chip also has to write data to the whole path; otherwise, an adversary could determine which node was the one of interest. But the chip rarely stores data in the same node that it read it from.

Most nodes lie on multiple paths: To take the most basic example, the single node at the top, or root, of the tree lies on every path. When the chip writes a block of data to memory, it pushes it as far down the tree as it can, which means finding the last vacancy before the block's assigned path branches off from path that was just read.

"The root of the tree is a lot smaller than the bottom of tree," says Albert Kwon, an MIT graduate student in electrical engineering and computer science and one of the papers' co-authors. "So intuitively, you want to push down as far as you can toward the bottom, so that there's no congestion at the top."

In writing data, the chip still has to follow the sequence of nodes in the path; otherwise, again, an adversary might be able to infer something about the data being stored. In previous attempts at similar systems, that meant sorting the memory addresses according to their ultimate locations in the tree.

"Sort is not easy to do in hardware," says Chris Fletcher, another graduate student in Devadas' group and first author on the new paper. "So by the time you've sorted everything, you've taken a real performance hit."

In the chip described in their latest paper, Fletcher, Devadas, Kwon, and their co-authors - Ling Ren, also an MIT graduate student in electrical engineering and computer science, and colleagues at the University of Connecticut, the University of California at Berkeley, and the Qatar Computing Research Institute - took a different approach.

They gave their chip an extra memory circuit, with storage slots that can be mapped onto the sequence of nodes in any path through the tree. Once a data block's final location is determined, it's simply stored at the corresponding slot in the circuit. All of the blocks are then read out in order.

Stockpiled secrets
The new chip features another trick to improve efficiency: Rather than writing data out every time it reads data in, it writes only on every fifth read. On the other reads, it simply discards all of the decoy data.

When it finally does write data back out, it will have, on average, five extra blocks of data to store on the last path it read. But there are generally enough vacancies in the tree to accommodate the extra blocks. And when there aren't, the system's ordinary protocols for pushing data as far down the tree as possible can handle the occasional logjam at the top.

Today's chips have small, local memory banks called caches in which they store frequently used data; for applications that use caching efficiently, all that extra reading and writing generally increases computation time by only about 20 percent. For applications that don't use caching efficiently, computation time can increase fivefold, or even more.

But according to the researchers, one of the advantages of their scheme is that the circuits that implement it can simply be added to existing chip designs, without much retooling. The extra layer of security can then be switched on and off as needed. Some cloud applications may use it all the time; others may opt against it entirely; still others may activate it only when handling sensitive information, such as credit card numbers.


Thanks for being here;
We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain.

With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords.

Our news coverage takes time and effort to publish 365 days a year.

If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Contributor
$5 Billed Once


credit card or paypal
SpaceDaily Monthly Supporter
$5 Billed Monthly


paypal only


.


Related Links
Massachusetts Institute of Technology
Cyberwar - Internet Security News - Systems and Policy Issues






Comment on this article via your Facebook, Yahoo, AOL, Hotmail login.

Share this article via these popular social media networks
del.icio.usdel.icio.us DiggDigg RedditReddit GoogleGoogle








CYBER WARS
Raytheon forming cyber-security JV; launches new products
Waltham, Mass. (UPI) Apr 27, 2015
Raytheon is investing $1.57 billion in the formation of a joint venture company to provide defense-grade cyber solutions for the global cyber-security markets. The still unnamed new company is being formed with Websense, a portfolio company of Vista Equity partners, and will leverage Raytheon's advanced cyber-security technologies and Websense's industry leading TRITON information secur ... read more


CYBER WARS
Turkish firm joins NATO BMD support effort

Poland speeding up Patriot system buy

$2B Patriot order for Raytheon

Romania 'Agression Platform' Against Russia With US Missile Defense Systems

CYBER WARS
Chinese Military Expert Warns of THAAD Risks to Regional Security

Russia conducts field-testing of maneuverable S-400 Missile

Russia Ready to SellS-300 Missiles to Iran if Sanctions Fall

Navy conducts production acceptance test of Tomahawk missile

CYBER WARS
Pakistan says botched strike highlights dangers of US drone war

X-37B Goes Fourth

X-47B unmanned aerial system demos in-flight refueling

A focus on flight

CYBER WARS
U.S. Special Operations Command orders MUOS-capable radios

Thales supplying intercoms for Australian military vehicles

Army issues draft RFP for manpack radios

Rockwell Collins intros new military communications system

CYBER WARS
EXACTO guided bullet demos repeatable performance against moving targets

Australia seeks sustainment services for fighters, warships

Exelis, L-3 Platform Integration team for EW capability

New work for CACI in helping combat IEDs

CYBER WARS
Navy Sees Future Not in F-35s, But in Unmanned Aircraft

Growth seen for Latin America's defense market

US military worries about losing hi-tech edge

FLIR Systems settles SEC charges

CYBER WARS
Beijing Details Plans for Artificial Islands in South China Sea

ASEAN warns sea reclamation 'may undermine peace'

US army walks cultural minefield training Ukraine troops

Obama, Abe revitalize ties as China 'flexes muscles'

CYBER WARS
Chemists create tiny gold nanoparticles that reflect nature's patterns

Optics, nanotechnology combined to create low-cost sensor for gases

Water makes wires even more nano

Light-powered gyroscope is world's smallest




The content herein, unless otherwise known to be public domain, are Copyright 1995-2014 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement All images and articles appearing on Space Media Network have been edited or digitally altered in some way. Any requests to remove copyright material will be acted upon in a timely and appropriate manner. Any attempt to extort money from Space Media Network will be ignored and reported to Australian Law Enforcement Agencies as a potential case of financial fraud involving the use of a telephonic carriage device or postal service.