Selective data protection is a promising technique to defend against the data leakage attack. In this paper, we revisit technical challenges that were neglected when applying this protection to real applications. These challenges include the secure input channel, granularity conflict, and sensitivity conflict. We summarize the causes of them and propose corresponding solutions. Then we design and implement a prototype system for selective data protection and evaluate the overhead using the RISC-V Spike simulator. The evaluation demonstrates the efficiency (less than 3% runtime overhead with optimizations) and the security guarantees provided by our system.
翻译:选择性数据保护是防范数据泄漏攻击的有希望的方法。 在本文中,我们重新审视了在将这种保护应用于实际应用时被忽略的技术挑战。 这些挑战包括安全输入渠道、颗粒冲突和敏感性冲突。 我们总结了它们的原因并提出相应的解决办法。 然后我们设计并实施了选择性数据保护原型系统,并使用RISC-V Spik Spik模拟器评估间接费用。 评估显示了我们系统的效率( 低于3%的运行时间接费用, 优化) 和安全保障。