In cloud computing, since virtual machines (VMs) running on the same physical server share CPU caches, adversaries can exploit CPU's vulnerabilities to launch shared cache attacks (e.g., Spectre vulnerability) for illegally accessing sensitive data (e.g., key of symmetric encryption) on other VMs. Since it is difficult to fix such vulnerabilities, in this paper, we propose a novel solution that leverages two salient features of white-box encryption to protect data against such attacks: white-box encryption turns the keys and code into unintelligible programs; it is provably secure even if part of its critical data is accessed by adversaries. Although there are many white-box schemes, they cannot be used in our solution due to their limitations. Therefore, we propose a new white-box encryption scheme with highly efficient instances. These instances are parameterized, and can be configured according to the tradeoff between security margin and storage cost. Moreover, our scheme is provably secure in the space-hardness model. The evaluation shows that our solution works well in public clouds and outperforms other methods.
|Title of host publication
|Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021
|Zhi Jin, Xuandong Li, Jianwen Xiang, Leonardo Mariani, Ting Liu, Xiao Yu, Nahgmeh Ivaki
|Number of pages
|Published - Oct 2021
|Proceedings - International Symposium on Software Reliability Engineering, ISSRE