SYNERGY: Rethinking Secure-Memory Design for Error-Correcting Memories

Building trusted data-centers requires resilient memories which are protected from both adversarial attacks and errors. Unfortunately, the state-of-the-art memory security solutions incur considerable performance overheads due to accesses for security metadata like Message Authentication Codes (MACs). At the same time, commercial secure memory solutions tend to be designed oblivious to the presence of memory reliability mechanisms (such as ECC-DIMMs), that provide tolerance to memory errors. Fortunately, ECC-DIMMs possess an additional chip for providing error correction codes (ECC), that is accessed in parallel with data, which can be harnessed for security optimizations. If we can re-purpose the ECC-chip to store some metadata useful for security and reliability, it can prove beneficial to both. To this end, this paper proposes Synergy, a reliability-security co-design that improves performance of secure execution while providing strong reliability for systems with 9-chip ECC-DIMMs. Synergy uses the insight that MACs being capable of detecting data tampering are also useful for detecting memory errors. Therefore, MACs are best suited for being placed inside the ECC chip, to be accessed in parallel with each data access. By co-locating MAC and Data, Synergy is able to avoid a separate memory access for MAC and thereby reduce the overall memory traffic for secure memory systems. Furthermore, Synergy is able to tolerate 1 chip failure out of 9 chips by using a parity that is constructed over 9 chips (8 Data and 1 MAC), which is used for reconstructing the data of the failed chip. For memory intensive workloads, Synergy provides a speedup of 20% and reduces system Energy Delay Product by 31% compared to a secure memory baseline with ECC-DIMMs. At the same time, Synergy increases reliability by 185x compared to ECC-DIMMs that provide Single-Error Correction, Double-Error Detection (SECDED) capability. Synergy uses commercial ECC-DIMMs and does not incur any additional hardware overheads or reduction of security.

[1]  Hsien-Hsin S. Lee,et al.  Authentication Control Point and Its Implications For Secure Processor Design , 2006, 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06).

[2]  Reetuparna Das,et al.  Cold Boot Attacks are Still Hot: Security Analysis of Memory Scramblers in Modern Processors , 2017, 2017 IEEE International Symposium on High Performance Computer Architecture (HPCA).

[3]  John Sartori,et al.  Low-power, low-storage-overhead chipkill correct via multi-line error correction , 2013, 2013 SC - International Conference for High Performance Computing, Networking, Storage and Analysis (SC).

[4]  Christoph Ruland,et al.  Error Correcting and Weighted Noise Tolerant Message Authentication Codes , 2011, 2011 5th International Conference on Signal Processing and Communication Systems (ICSPCS).

[5]  Jaehyuk Huh,et al.  Reducing the Memory Bandwidth Overheads of Hardware Security Support for Multi-Core Processors , 2016, IEEE Transactions on Computers.

[6]  Srinivas Devadas,et al.  Integrity verification for path Oblivious-RAM , 2013, 2013 IEEE High Performance Extreme Computing Conference (HPEC).

[7]  Elena Dubrova,et al.  Error-Correcting Message Authentication for 5G , 2016, MobiMedia.

[8]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[9]  F. Moore,et al.  Polynomial Codes Over Certain Finite Fields , 2017 .

[10]  Moinuddin K. Qureshi,et al.  FaultSim: A Fast, Configurable Memory-Reliability Simulator for Conventional and 3D-Stacked Systems , 2016, ACM Trans. Archit. Code Optim..

[11]  Srinivas Devadas,et al.  Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM , 2015 .

[12]  G. Edward Suh,et al.  Caches and hash trees for efficient memory integrity verification , 2003, The Ninth International Symposium on High-Performance Computer Architecture, 2003. HPCA-9 2003. Proceedings..

[13]  Timothy J. Dell,et al.  A white paper on the benefits of chipkill-correct ecc for pc server main memory , 1997 .

[14]  Marten van Dijk,et al.  Efficient memory integrity verification and encryption for secure processors , 2003, Proceedings. 36th Annual IEEE/ACM International Symposium on Microarchitecture, 2003. MICRO-36..

[15]  Rakesh Kumar,et al.  Adaptive Reliability Chipkill Correct (ARCC) , 2013, 2013 IEEE 19th International Symposium on High Performance Computer Architecture (HPCA).

[16]  Rakesh Kumar,et al.  Parity Helix: Efficient protection for single-dimensional faults in multi-dimensional memory systems , 2016, 2016 IEEE International Symposium on High Performance Computer Architecture (HPCA).

[17]  Mikko H. Lipasti,et al.  COP: To compress and protect main memory , 2015, 2015 ACM/IEEE 42nd Annual International Symposium on Computer Architecture (ISCA).

[18]  Seth H. Pugsley,et al.  USIMM : the Utah SImulated Memory Module , 2012 .

[19]  Chin-Long Chen,et al.  Error-Correcting Codes for Semiconductor Memory Applications: A State-of-the-Art Review , 1984, IBM J. Res. Dev..

[20]  Eduardo Pinheiro,et al.  DRAM errors in the wild: a large-scale field study , 2009, SIGMETRICS '09.

[21]  David A. Patterson,et al.  The GAP Benchmark Suite , 2015, ArXiv.

[22]  B. Rogers,et al.  Improving Cost, Performance, and Security of Memory Encryption and Authentication , 2006, ISCA 2006.

[23]  Satish Narayanasamy,et al.  InvisiMem: Smart memory defenses for memory bus side channel , 2017, 2017 ACM/IEEE 44th Annual International Symposium on Computer Architecture (ISCA).

[24]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[25]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[26]  Moinuddin K. Qureshi,et al.  XED: Exposing On-Die Error Detection Information for Strong Memory Reliability , 2016, 2016 ACM/IEEE 43rd Annual International Symposium on Computer Architecture (ISCA).

[27]  Lionel Torres,et al.  TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks , 2007, CHES.

[28]  Giovanni Di Crescenzo,et al.  Approximate Message Authentication Codes for$N$-ary Alphabets , 2006, IEEE Transactions on Information Forensics and Security.

[29]  Chris Fallin,et al.  Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[30]  Mattan Erez,et al.  Frugal ECC: efficient and versatile memory error protection through fine-grained compression , 2015, SC15: International Conference for High Performance Computing, Networking, Storage and Analysis.

[31]  Vilas Sridharan,et al.  A study of DRAM failures in the field , 2012, 2012 International Conference for High Performance Computing, Networking, Storage and Analysis.

[32]  Helger Lipmaa AES Modes of Operations : CTR-Mode Encryption , 2000 .

[33]  Gonzalo R. Arce,et al.  Approximate image message authentication codes , 2001, IEEE Trans. Multim..

[34]  Bianca Schroeder,et al.  A Large-Scale Study of Failures in High-Performance Computing Systems , 2010, IEEE Trans. Dependable Secur. Comput..

[35]  Norman P. Jouppi,et al.  LOT-ECC: Localized and tiered reliability mechanisms for commodity memory systems , 2012, 2012 39th Annual International Symposium on Computer Architecture (ISCA).

[36]  Benjamin C. Lee,et al.  PoisonIvy: Safe speculation for secure memory , 2016, 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[37]  Brian Rogers,et al.  Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly , 2007, 40th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO 2007).

[38]  Elaine Shi,et al.  PHANTOM: practical oblivious computation in a secure processor , 2013, CCS.

[39]  Long Chen,et al.  MemGuard: A low cost and energy efficient design to support and enhance memory system reliability , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[40]  Charanjit S. Jutla,et al.  Parallelizable Authentication Trees , 2005, IACR Cryptol. ePrint Arch..

[41]  S. Xiao,et al.  Efficient Noise-Tolerant Message Authentication Codes Using Direct Sequence Spread Spectrum Technique , 2006, 2006 40th Annual Conference on Information Sciences and Systems.

[42]  Mattan Erez,et al.  Bamboo ECC: Strong, safe, and flexible codes for reliable computer memory , 2015, 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA).

[43]  Larry Carter,et al.  New classes and applications of hash functions , 1979, 20th Annual Symposium on Foundations of Computer Science (sfcs 1979).

[44]  Shay Gueron,et al.  A Memory Encryption Engine Suitable for General Purpose Processors , 2016, IACR Cryptol. ePrint Arch..

[45]  Yan Solihin,et al.  ObfusMem: A low-overhead access obfuscation for trusted memories , 2017, 2017 ACM/IEEE 44th Annual International Symposium on Computer Architecture (ISCA).

[46]  Doe Hyun Yoon,et al.  Virtualized and flexible ECC for main memory , 2010, ASPLOS XV.

[47]  Dwijendra K. Ray-Chaudhuri,et al.  Binary mixture flow with free energy lattice Boltzmann methods , 2022, arXiv.org.

[48]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[49]  G. Edward Suh,et al.  IVEC: off-chip memory integrity protection for both security and reliability , 2010, ISCA.

[50]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[51]  Douglas R. Stinson,et al.  On the Connections Between Universal Hashing, Combinatorial Designs and Error-Correcting Codes , 1995, Electron. Colloquium Comput. Complex..

[52]  Dongvu Tonien,et al.  Unconditionally Secure Approximate Message Authentication , 2009, IWCC.

[53]  Moinuddin K. Qureshi,et al.  Citadel: Efficiently Protecting Stacked Memory from Large Granularity Failures , 2014, 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture.