From Ideal to Practice: Data Encryption in eADR-based Secure Non-Volatile Memory Systems

by   Jianming Huang, et al.

Extended Asynchronous DRAM Refresh (eADR) proposed by Intel extends the persistence domain from the Non-Volatile Memory (NVM) to CPU caches and offers the persistence guarantee. Due to allowing lazy persistence and decreasing the amounts of instructions, eADR-based NVM systems significantly improve performance. Existing designs however fail to provide efficient encryption schemes to ensure data confidentiality in eADR-based NVM systems. It is challenging to guarantee both data persistence and confidentiality in a cost-efficient manner due to the transient persistence property of caches in eADR. Once the system crashes, eADR flushes the unencrypted data from the cache into NVM, in which security issues occur due to no encryption. To bridge the gap between persistence and confidentiality, we propose cost-efficient BBE and Sepencr encryption schemes that efficiently match different eADR execution models from ideal to practice. Under the ideal eADR execution model, BBE supports the encryption module via the battery of eADR upon crashes. Under the practical eADR execution model, Sepencr generates the one-time paddings (OTPs) at the system startup to encrypt the cached data in case the system crashes. Our evaluation results show that compared with an intuitive in-cache encryption scheme in eADR-based systems, our designs significantly reduce performance overheads while efficiently ensuring data confidentiality.


page 1

page 4

page 9

page 10


A Secure and Persistent Memory System for Non-volatile Memory

In the non-volatile memory, ensuring the security and correctness of per...

Triad-NVM: Persistent-Security for Integrity-Protected and Encrypted Non-Volatile Memories (NVMs)

Emerging Non-Volatile Memories (NVMs) are promising contenders for build...

Architecting Non-Volatile Main Memory to Guard Against Persistence-based Attacks

DRAM-based main memory and its associated components increasingly accoun...

Cache Persistence Analysis: Finally Exact

Cache persistence analysis is an important part of worst-case execution ...

Enabling Atomic Durability for Persistent Memory with Transiently Persistent CPU Cache

Persistent memory (pmem) products bring the persistence domain up to the...

NVMM cache design: Logging vs. Paging

Modern NVMM is closing the gap between DRAM and persistent storage, both...

Clueless: A Tool Characterising Values Leaking as Addresses

Clueless is a binary instrumentation tool that characterises explicit ca...

Please sign up or login with your details

Forgot password? Click here to reset