{"id":13783047,"url":"https://github.com/mseitzer/bispe","last_synced_at":"2026-01-24T03:36:51.675Z","repository":{"id":108935139,"uuid":"69971946","full_name":"mseitzer/bispe","owner":"mseitzer","description":"A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory","archived":false,"fork":false,"pushed_at":"2016-10-09T21:05:38.000Z","size":89,"stargazers_count":3,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-01T06:11:58.086Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mseitzer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-10-04T14:19:27.000Z","updated_at":"2023-11-05T11:50:39.000Z","dependencies_parsed_at":"2023-07-07T12:45:16.815Z","dependency_job_id":null,"html_url":"https://github.com/mseitzer/bispe","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mseitzer%2Fbispe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mseitzer%2Fbispe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mseitzer%2Fbispe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mseitzer%2Fbispe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mseitzer","download_url":"https://codeload.github.com/mseitzer/bispe/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com"
,"kind":"github","repositories_count":253863543,"owners_count":21975671,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T18:01:51.871Z","updated_at":"2026-01-24T03:36:46.657Z","avatar_url":"https://github.com/mseitzer.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"# A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory\n\nBispe is a bytecode interpreter which protects executed programs against physical attacks on memory such as [cold boot](https://en.wikipedia.org/wiki/Cold_boot_attack) or [DMA attacks](https://en.wikipedia.org/wiki/DMA_attack).\nTo this end, the interpreter encrypts all code and data of executed programs, holding them in the clear only in CPU registers. \nAs a secure implementation of this idea requires deep system access, Bispe is devised as a Linux kernel module. \nBispe is built on [TRESOR](https://www1.cs.fau.de/tresor), a memory-attack-resistant implementation of AES which is used to set up secure full disk encryption. In particular, TRESOR holds the encryption key in the CPU's debug registers, i.e. not in vulnerable RAM.\n\nThis project originated from my bachelor's thesis at FAU Erlangen-Nuremberg, Germany.\nThe associated research paper was published at ESORICS 2015. 
\n\nProject homepage at the chair for IT Security Infrastructures at FAU:\n\nhttps://www1.cs.fau.de/bispe\n\n## Usage\n\n### Preliminaries:\nYour CPU needs support for the AVX and AES-NI instruction set extensions in order to run the interpreter (e.g. an Intel Core i5/i7 CPU).\nYou can check this using:\n```\ngrep -o -e avx -e aes /proc/cpuinfo\n```\n\n### Compilation:\nRun `make` from the project's root directory. \nTo compile the code, you will need `linux-headers-generic` and a recent gcc version. \n\n### Loading the kernel module:\n```\ncd bin\nsudo insmod bispe_km.ko\n```\nYou can verify that the kernel module was loaded correctly by looking at the output of \n```\ndmesg | less\n```\n\n### Setting a password:\nIn order to compile/run encrypted programs, an encryption key is needed within the CPU's registers.\nThis key is derived from a user-specified password. \n\nUsually, to set the key in a manner secure against memory attacks, this would have to happen at boot time. \nThis can be done by using the [TRESOR](https://www1.cs.fau.de/tresor) kernel patch. \nThe patch also implements further measures to keep the key secret at system runtime. \n\nTo just play around with the interpreter, you can set a password with the interpreter frontend:\n```\nsudo ./bispe -p\n```\n(refer to 'Implementation notes' to see why this and all subsequent commands need sudo)\n\n### Compiling to encrypted bytecode:\nThe interpreter uses encrypted bytecode as input. \nThe accompanying compiler produces it from source code files.\n\nTo compile a file and encrypt it using the currently set encryption key:\n```\nsudo ./compiler ../examples/hello_world.scll\n```\n\n### Running the interpreter:\nFinally, the encrypted bytecode is passed to the interpreter frontend for execution:\n```\nsudo ./bispe ../examples/hello_world.scle 1 2\n```\nHere, `1 2` refers to the program's arguments. 
\nIn this case, the program just adds them, which is why it outputs `3`.\n\n### Unloading the kernel module:\nIf you want to unload the kernel module, use: \n```\nsudo rmmod bispe_km\n```\n\n## Research paper\n\nThe research paper was published in: \n\n\u003e Maximilian Seitzer, Michael Gruhn, and Tilo Müller. *A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory*. In Computer Security – ESORICS 2015, volume 9327 of Lecture Notes in Computer Science, pages 376–395. Springer International Publishing, 2015.\n\nPaper abstract: \n\u003e Physical access to a system allows attackers to read out RAM through cold boot and DMA attacks. Thus far, counter measures protect only against attacks targeting disk encryption keys, while the remaining memory content is left vulnerable. We present a bytecode interpreter that protects code and data of programs against memory attacks by executing them without using RAM for sensitive content. Any program content within memory is encrypted, for which the interpreter utilizes TRESOR, a cold boot resistant implementation of the AES cipher. The interpreter was developed as a Linux kernel module, taking advantage of the CPU instruction sets AVX for additional registers, and AES-NI for fast encryption. We show that the interpreter is secure against memory attacks, and that the overall performance is only a factor of 4 times slower than the performance of Python. Moreover, the performance penalty is mostly induced by the encryption.\n\n## Implementation notes\n\nAs this is a research prototype, the range of programs the interpreter can execute is limited. So far, only a small language with C-like syntax is supported. \nSee the examples folder for a couple of programs in the interpreter's syntax. \nThe grammar the compiler accepts can be found in `compiler/grammar.txt`.\n\nI implemented the compiler before taking any compiler classes. 
\nAs such, the compiler's code might look sketchy here and there, but it gets the job done. \nThe focus of the project is not the compiler anyway. \nAnd its error messages are not very helpful :-)\n\n### Why does it need sudo?\nThe compiler and the interpreter frontend communicate with the interpreter kernel module over the kernel's sysfs filesystem. \nA change to the Linux kernel made after the project's completion restricted writing to sysfs objects to root only. \nThis is the reason sudo is needed.\nTo change that, an alternative kernel communication mechanism would have to be used.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmseitzer%2Fbispe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmseitzer%2Fbispe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmseitzer%2Fbispe/lists"}