Streamlining Integrity Tree Updates for Secure Persistent Non-Volatile Memory

Emerging non-volatile main memory (NVMM) is rapidly being integrated into computer systems. However, NVMM is vulnerable to potential data remanence and replay attacks. Established security models including split counter mode encryption and Bonsai Merkle tree (BMT) authentication have been introduced against such data integrity attacks. However, these security methods are not readily compatible with NVMM. Recent works on secure NVMM pointed out the need for data and its metadata, including the counter, the message authentication code (MAC), and the BMT, to be persisted atomically. However, memory persistency models, which are essential for crash recoverability, have been overlooked for secure NVMM. In this work, we analyze the invariants that need to be ensured in order to support crash recovery for secure NVMM. We highlight that prior research has substantially underestimated the cost of BMT persistence and propose several optimization techniques to reduce the overhead of atomically persisting updates to BMTs. The optimizations proposed explore the use of pipelining, out-of-order writes, and update coalescing while conforming to strict or epoch persistency models respectively. We evaluate our work and show that our proposed optimizations significantly reduce the performance overhead of secure NVMM with crash recoverability.
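The atomicity requirement stated in the abstract can be seen in a small model. The following is an added example, not code from the paper: `ToyNVMM`, the key, the persist order and the four-block layout are assumptions made for illustration, and encryption is left out so that only the counter, MAC and BMT root are modelled.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"  # constructed key, illustration only

def h(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()

def mac(addr, ctr, data):
    # The data MAC binds a block to its address and its current counter.
    return hmac.new(KEY, b"%d|%d|" % (addr, ctr) + data, hashlib.sha256).digest()

def bmt_root(counters):
    # Bonsai Merkle tree: hash tree over the counters only (power-of-two count).
    level = [h(b"%d" % c) for c in counters]
    while len(level) > 1:
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

class ToyNVMM:
    """Hypothetical model: data, MACs and counters in NVMM, tree root on chip."""
    def __init__(self, nblocks=4):
        self.data = [b"old"] * nblocks
        self.ctr = [0] * nblocks
        self.mac = [mac(a, 0, b"old") for a in range(nblocks)]
        self.root = bmt_root(self.ctr)

    def write(self, addr, value, crash_before=None):
        """Persist one store item by item; power is lost just before `crash_before`."""
        new_ctr = self.ctr[addr] + 1
        steps = {
            "data": lambda: self.data.__setitem__(addr, value),
            "mac": lambda: self.mac.__setitem__(addr, mac(addr, new_ctr, value)),
            "ctr": lambda: self.ctr.__setitem__(addr, new_ctr),
            "root": lambda: setattr(self, "root", bmt_root(self.ctr)),
        }
        for name, persist in steps.items():
            if name == crash_before:
                return False  # later items never reach persistent state
            persist()
        return True

    def verify(self, addr):
        """Post-recovery check: counters match the root, and the MAC matches the data."""
        tree_ok = hmac.compare_digest(bmt_root(self.ctr), self.root)
        mac_ok = hmac.compare_digest(mac(addr, self.ctr[addr], self.data[addr]), self.mac[addr])
        return tree_ok and mac_ok

def recoverable_after_crash(crash_before):
    nv = ToyNVMM()
    nv.write(1, b"new", crash_before=crash_before)
    return nv.verify(1)
```

A crash between any two of the four persists leaves a legitimately written block that fails verification after recovery, which is indistinguishable from tampering; only the all-or-nothing outcomes verify.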
