Hardware for Securing Cloud Memory
Hackers can be incredibly creative people as they attempt to harvest data from the cloud. While some people may think that encrypted data is safe on a server, it is possible to learn what the data is by carefully watching memory use. Researchers at MIT, though, have designed a piece of hardware to thwart this without greatly increasing computational overhead.
Encrypting data on a server will protect it from being read if someone steals the data, but it turns out that information about the data can be gathered without ever touching it. This is accomplished by studying memory access patterns, such as how frequently specific memory addresses are accessed. To defeat such an attack, the server can access multiple memory addresses at the same time, obfuscating the interesting data. What the MIT researchers have done is design hardware to accomplish this very efficiently by way of trees. The hardware arranges memory addresses in a tree, similar to a family tree, where each node can connect to several below, but only one above. When one address is needed, the entire path from top to bottom is accessed, and afterward the address is swapped with a different node in the tree.
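The tree arrangement described above, sketched as an added example (not the MIT researchers' hardware design or code): a simplified tree-based oblivious memory in the style of Path ORAM, used here as an assumed stand-in because the article does not name the scheme. The class name, binary tree shape, depth and bucket size are illustrative choices.

```python
import random

class TreeORAM:
    """Toy oblivious memory: every access touches one full root-to-leaf path."""

    def __init__(self, levels=4, bucket_size=4, seed=None):
        self.levels, self.z = levels, bucket_size
        self.leaves = 2 ** (levels - 1)
        self.tree = [[] for _ in range(2 ** levels - 1)]  # heap layout, node 0 is the root
        self.pos = {}     # private: block address -> leaf it is currently mapped to
        self.stash = {}   # private: blocks waiting for a free slot in the tree
        self.rng = random.Random(seed)
        self.trace = []   # what a memory-bus observer sees: the node indices touched

    def path(self, leaf):
        node = self.leaves - 1 + leaf          # heap index of that leaf
        nodes = [node]
        while node:
            node = (node - 1) // 2             # step to the parent
            nodes.append(node)
        return nodes[::-1]                     # root first

    def access(self, addr, new_value=None):
        leaf = self.pos.get(addr, self.rng.randrange(self.leaves))
        # Remap the block to a fresh random leaf before anything is written back,
        # so the next access to the same address follows an unrelated path.
        self.pos[addr] = self.rng.randrange(self.leaves)
        nodes = self.path(leaf)
        self.trace.append(tuple(nodes))
        for n in nodes:                        # read the whole path into the stash
            self.stash.update(self.tree[n])
            self.tree[n] = []
        value = self.stash.get(addr)
        if new_value is not None:
            self.stash[addr] = new_value
        for n in reversed(nodes):              # write back, deepest bucket first
            fits = [a for a in self.stash if n in self.path(self.pos[a])][:self.z]
            self.tree[n] = [(a, self.stash.pop(a)) for a in fits]
        return value
```

Reading the same address repeatedly leaves a `trace` of different root-to-leaf paths, so access frequency for that address is not visible in the observed node indices.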
The hardware also protects the data from attacks that measure the time between computations, by pulling data at regular intervals, whether it is needed or not. Impressively, the proposed design would only increase overhead by a factor of three or four, instead of by one hundred, as some would expect.