|dc.description.abstract||Recent commercialization of Non-Volatile Memory (NVM) technology in the form of Intel Optane enables programmers to write recoverable programs. However, data on NVM is susceptible to a plethora of data remanence attacks, which makes confidentiality and integrity protection of data essential for a secure NVM system. That protection requires computing and maintaining a large amount of security metadata (encryption counters, message authentication codes (MACs), and integrity tree (BMT) nodes). Furthermore, crash consistency guarantees require the system to persist the security metadata and data atomically back to NVM, incurring high overheads. There is therefore a trade-off among providing complete security guarantees, performance, and the recovery time of an NVM system. Our work explores the resilience of the NVM system to system crashes and malicious attacks.
To ensure the confidentiality and integrity of data, a substantial quantity of security metadata is required. Of this metadata, persisting Bonsai Merkle Tree (BMT) nodes, which are essential for fine-grain integrity verification, adds substantial cost owing to the massive amount of data that must be moved off-chip to the bandwidth-constrained NVM. Thus, prior works often make a trade-off between performance and fine-grain verifiability, or forgo verifiability entirely in favour of performance.
The goal of this work is to maintain the strongest security and verifiability guarantees while limiting the cost of BMT updates. We accomplish this by leveraging in-memory integrity verification.
We make fine-grain integrity verifiability realizable with a radically different approach: using in-memory computing for integrity verification. Our proposal, iMIV, draws inspiration from the fact that today's commercial Optane NVM performs encryption onboard the DIMM. We argue that memory-intensive integrity verification operations should be performed near the (non-volatile) memory to avoid off-chip data movement.
In this thesis, we propose a novel and practical hardware-managed security solution called iMIV, which leverages in-memory integrity verification operations to reduce the overheads associated with integrity protection (BMT node computation and persistence), a key performance bottleneck. iMIV persists the complete security metadata (encryption counter, MAC, BMT nodes) with each data persist, which gives it the ability to detect and locate the tampered data block and tampered counter block, and hence ensures that there is no single point of failure due to any malicious attack. The work aims to minimize off-chip memory transfer and mitigate the effect of the bandwidth wall. The proposed iMIV also scales to larger NVM capacity in future systems with a per-DIMM BMT.
Experiments are carried out on VANS, a trace-driven cycle-accurate simulator that mimics the internal micro-architecture of Intel Optane memory DIMMs. Experimental results show that, in comparison to the Baseline scheme with write-through caches and a strict persistency model, which also provides complete security guarantees, iMIV reduces system runtime by 1.8x for NVM-aware workloads and 3.4x for NVM-agnostic workloads. iMIV's recovery time on system crashes is microsecond-scale, without compromising on detecting tampering or on quickly pinpointing the unverifiable region.
iMIV brings down the performance overheads of fine-grain integrity verification on secure NVMs for NVM-aware workloads from 205% (baseline with all security operations performed at the memory controller) to 55% (integrity verification operations offloaded to near the NVM).||en_US