Evaluate RAM memory encryption solution to improve resiliency against memory dump

[fpietrosanti]

This ticket is to evaluate RAM memory encryption technical solution to improve resiliency against memory dump.

The core security improvement would be to defeat simpler memory dump with string analysis done against a virtual machine or against a physical machine with direct memory access.

The system must not be "perfect" but should introduce resiliency against basic attacks.

The implementation have to be lightweight and with no major compatibility issue.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[fpietrosanti]

Some interesting solutions found on the net:

CryptKeeper Improving Security with Encrypted RAM www.researchgate.net/publication/224201954_Cryptkeeper_Improving_security_with_encrypted_RAM/file/d912f50cfdf4b2e20b.pdf

Some nice discussion: http://stackoverflow.com/questions/12052942/linux-of-equivalent-cryptprotectmemory

[fpietrosanti]

Useful info from SecureDrop's ticket https://github.com/freedomofpress/securedrop/issues/99#issuecomment-47292943

[fpietrosanti]

Other useful information from SecureDrop's ticket https://github.com/freedomofpress/securedrop/pull/477

[hellais]

Yeah mlock is the correct solution to this matter, but it would require us to write a special python C based binding.

[evilaliv3]

The RAM encryption is Implemented since time; the only missing part is the mlockall(1|2) that is now tracked by a specific ticket.

[fpietrosanti]

@evilaliv3 If it's implemented (are we sure?!?), it must be documented in the Application Technical Security Document to close this ticket, explaining how does it works. Afaik SD did managed to do it only with custom C-code patching and kernel's PAX feature that we are not using

[evilaliv3]

ah no you are right, i was confusing this ticket with the encryption in RAM.