I do want to say that it is a well-written and thoughtful paper. The practical application of reconstructing keys from memory is cool. (But the overall attack vector is still not news, though.) : ) I feel vindicated in some ways, actually. EVEN IF IT ISN’T NEWS! : )
It’s worth noting that back when we were debating what HW should, and shouldn’t, go into Palladium (late ’90s into 2001-ish), we spent quite a chunk of time talking to Intel and AMD about encrypted memory. There were some simple and wicked fast solutions that would have made this attack WAY harder, as the keys to decrypt memory itself would live in the CPU or memory controller rather than RAM, and they could be de-persisted much more efficiently than RAM could.
However, when we threat modeled it, the only attack we came up with at the time was based on DRM.
To justify RAM encryption we needed to treat the “owner” of the machine as an absolute persistent and viable threat, and that bothered me for two reasons:
It meant that the notion of people being able to hack their own machines could become extraordinarily more difficult. I am hugely in favor of people at least having the potential to hack their own machines, so this really bugged me. I count on plucky rebels to keep evil empires in check.
The only serious reason we could come up with back then to go so far in protecting memory was to protect DRM keys from machine owners, and so long as the analog hole existed it seemed particularly crazy to go so far to protect something that was used to protect data that was leaking as from a sieve everywhere else. Darknet FTW, as it were.
So I decided no encrypted memory for Palladium.
Not sure, in hindsight, if that wasn’t a mistake? Oh, the irony!