In public cloud environments, data encryption has become a key means of ensuring data security. But when a chip needs to send or receive data stored outside the chip, it gives an attacker an opportunity to learn about the workload and pinpoint a target.
In an MIT press release on July 2, researchers introduced a system called Ascend that addresses security flaws involving memory access.
Ascend uses a series of measures to minimize the chance that an attacker gets information from memory data transfers, including a new way of querying memory addresses:
Devadas, along with his graduate students Ling Ren, Xiangyao Yu, Christopher Fletcher, and research scientist Marten van Dijk, replaced the memory address structure with a "tree" data structure. A family tree is one of the most familiar examples of a tree structure: each "node" is a person's name, and each node has exactly one node above it, its parent in the family tree, while it may have several subordinate nodes, its children.
Ascend randomly assigns addresses to nodes. Each node has a specific path to the root node, and these paths and nodes form a minimum spanning tree. When the processor needs the data of a node, it sends the request to all the nodes on the corresponding path.
More importantly, whenever the chip needs to access a single memory address, Ascend swaps that address with another memory address. As a result, accessing the same address multiple times rarely requires traversing the same path.
Even when the chip is busy and does not need to read data from memory, the system still sends periodic requests so that attackers cannot learn the real frequency of memory accesses. This matters because large gaps between requests can reveal particular demands of the workload, letting attackers identify important work worth attacking.
One of the researchers, Srini Devadas, a professor of electrical engineering and computer science, said that the system is not yet complete, but given how widely cloud services are used today, Ascend is definitely worth the wait.
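The three mechanisms described above (whole-path requests, moving an address after each access, and periodic dummy requests) can be seen together in a small simulation. This is an added example in the style of Path ORAM, not Ascend's implementation; the class `TreeMemory`, its methods, the bucket size, and the on-chip `stash` are assumptions made for illustration.

```python
import random

class TreeMemory:
    """Toy tree-based oblivious memory (Path ORAM style; constructed example)."""

    def __init__(self, levels=4, bucket_size=4, seed=None):
        self.leaves = 1 << levels          # number of leaf nodes
        self.z = bucket_size               # blocks per tree node
        self.rng = random.Random(seed)
        self.buckets = {}                  # node index -> {addr: value}, off-chip
        self.pos = {}                      # addr -> leaf whose path holds it, on-chip
        self.stash = {}                    # on-chip holding area
        self.trace = []                    # what a bus observer sees: one leaf per slot

    def _path(self, leaf):
        node, path = leaf + self.leaves, []   # heap numbering, root is node 1
        while node:
            path.append(node)
            node //= 2
        return path                           # leaf first, root last

    def _touch(self, leaf, addr=None, value=None):
        self.trace.append(leaf)
        path = self._path(leaf)
        for node in path:                     # request every node on the path
            self.stash.update(self.buckets.pop(node, {}))
        if value is not None:
            self.stash[addr] = value
        result = self.stash.get(addr)
        for node in path:                     # write back, deepest node first
            fit = [a for a in self.stash if node in self._path(self.pos[a])]
            self.buckets[node] = {a: self.stash.pop(a) for a in fit[:self.z]}
        return result

    def access(self, addr, value=None):
        """Read addr (or write value), then move addr to a fresh random path."""
        old = self.pos.get(addr, self.rng.randrange(self.leaves))
        self.pos[addr] = self.rng.randrange(self.leaves)
        return self._touch(old, addr, value)

    def tick(self, request=None):
        """One fixed-rate slot: serve a pending (addr, value) or a dummy path."""
        if request is not None:
            return self.access(*request)
        return self._touch(self.rng.randrange(self.leaves))
```

Calling `tick()` once per time slot records exactly one path in `trace` whether or not a real request was pending, which is the property the periodic requests are meant to provide.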