Phoenix: Towards Persistently Secure, Recoverable, and NVM Friendly Tree of Counters

by   Mazen Alwadi, et al.

Emerging Non-Volatile Memories (NVMs) bring a unique challenge to the security community, namely persistent security. As NVM-based memories are expected to restore their data after recovery, the security metadata must be recovered as well. However, persisting all affected security metadata on each memory write would significantly degrade performance and exacerbate the write endurance problem. Moreover, recovery time can increase significantly (up to hours for practical memory sizes) when security metadata are not updated strictly. Counter trees are used in state-of-the-art commercial secure processors, e.g., Intel's Safe Guard Extension (SGX). Counter trees have a unique challenge due to the inability to recover the whole tree from leaves. Thus, to ensure recoverability, all updates to the tree must be persisted, which can be tens of additional writes on each write. The state-of-art scheme, Anubis, enables recoverability but incurs an additional write per cache eviction, i.e., reduces lifetime to approximately half. Additionally, Anubis degrades performance significantly in many cases. In this paper, we propose Phoenix, a practical novel scheme which relies on elegantly reproducing the cache content before a crash, however with minimal overheads. Our evaluation results show that Phoenix reduces persisting security metadata overhead writes from 87% extra writes (for Anubis) to less than write-back compared to an encrypted system without recovery, thus improving the NVM lifetime by 2x. Overall Phoenix performance is better than the baseline, unlike Anubis which adds 7.9% (max of 35%) performance overhead.


page 4

page 5

page 9

page 10


A Write-Friendly and Fast-Recovery Scheme for Security Metadata in NVM

Non-Volatile Memories (NVMs) have attracted the attentions of academia a...

A Secure and Persistent Memory System for Non-volatile Memory

In the non-volatile memory, ensuring the security and correctness of per...

Triad-NVM: Persistent-Security for Integrity-Protected and Encrypted Non-Volatile Memories (NVMs)

Emerging Non-Volatile Memories (NVMs) are promising contenders for build...

Streamlining Integrity Tree Updates for Secure Persistent Non-Volatile Memory

Emerging non-volatile main memory (NVMM) is rapidly being integrated int...

WLFC: Write Less in Flash-based Cache

Flash-based disk caches, for example Bcache and Flashcache, has gained t...

Circ-Tree: A B+-Tree Variant with Circular Design for Persistent Memory

Several B+-tree variants have been developed to exploit the performance ...

HMT: A Hardware-Centric Hybrid Bonsai Merkle Tree Algorithm for High-Performance Authentication

Bonsai Merkle tree (BMT) is a widely used data structure for authenticat...

Please sign up or login with your details

Forgot password? Click here to reset