Compact Leakage-Free Support for Integrity and Reliability

Taassori, Meysam; Balasubramonian, Rajeev; Chhabra, Siddhartha; Alameldeen, Alaa R.; Peddireddy, Manjula; Agarwal, Reena; Stutsman, Ryan

doi:10.1109/isca45697.2020.00066

Cited by 19 publications

(6 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Synergy [24] places the MAC inside the ECC chip in a 9-chip ECC-DIMMs and demonstrates that MAC can be used to detect not only data tampering but also memory errors. ITESP [28] uses small counters to save space in the tree node. The ECCs of the child nodes are XORed, and the XORed ECC is embedded in the parent node in ITESP.…”

Section: Recovery Schemementioning

confidence: 99%

Update the Root of Integrity Tree in Secure Non-Volatile Memory Systems with Low Overhead

Huang,

Hua

2021

Preprint

View full text Add to dashboard Cite

Data integrity is important for non-volatile memory (NVM) systems that maintain data even without power. The data integrity in NVM is possibly compromised by integrity attacks, which can be defended against by integrity verification via integrity trees. After NVM system failures and reboots, the integrity tree root is responsible for providing a trusted execution environment. However, the root often becomes a performance bottleneck, since updating the root requires high latency on the write critical path to propagate the modifications from leaf nodes to the root. The root and leaf nodes have to ensure the crash consistency between each other to avoid any update failures that potentially result in misreporting the attacks after system reboots. In this paper, we propose an efficient and low-latency scheme, called SCUE, to directly update the root on the SGX integrity tree (SIT) by overlooking the updates upon the intermediate tree nodes. The idea behind SCUE explores and exploits the observation that only the persistent leaf nodes and root are useful to ensure the integrity after system failures and reboots, due to the loss of the cached intermediate tree nodes. To achieve the crash consistency between root and leaf nodes, we accurately predict the updates upon the root and pre-update the root before the leaf nodes are modified. Moreover, the SIT root is difficult to be reconstructed from the leaf nodes since updating one tree node needs its parent node as input. We use a countersumming approach to reconstructing the SIT from leaf nodes. Our evaluation results show that compared with the state-of-theart integrity tree update schemes, our SCUE scheme delivers high performance while ensuring the system integrity.

show abstract

Section: Recovery Schemementioning

confidence: 99%

Update the Root of Integrity Tree in Secure Non-Volatile Memory Systems with Low Overhead

Huang,

Hua

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Similarly, Morphable [42] packs more encryption counters in a single cache line, which results in a smaller integrity tree and increases its cacheability. Taassori et al [46] proposed using separate integrity trees and separate security metadata caches for each application to prevent side-channel attacks in the security metadata cache. Additionally, the proposed scheme combines the parity bits inside the integrity tree structure to reduce the memory accesses in case of errors.…”

Section: Related Workmentioning

confidence: 99%

“…While the lowest level counters are used to encrypt the data, the intermediate node's counters are typically referred to as versions, and are not associated with the data. Whenever a data cache line is written back to the memory, the associated encryption counter is incremented, which leads to incrementing the version in the encryption counter's parent, and updating the encryption counter's MAC [11,19,22,43,46,47,58]. Note that the update is propagated until the root is updated.…”

Section: Introductionmentioning

confidence: 99%

ProMT

Alwadi

Mohaisen

Awad³

2021

Proceedings of the ACM International Conference on Supercomputing

View full text Add to dashboard Cite

Current computer systems are vulnerable to a wide range of attacks caused by the proliferation of accelerators, and the fact that current system comprise multiple SoCs provided from different vendors. Thus, major processor vendors are moving towards limiting the trust boundary to the processor chip only as in Intel's SGX, and AMD's SME. This secure boundary limitation requires protecting the memory content against data remanence attacks, which were performed against DRAM in the form of cold-boot attack and are more successful against NVM due to NVM's data persistency feature. However, implementing secure memory features, such as memory encryption and integrity verification has a non-trivial performance overhead, and can significantly reduce the emerging NVM's expected lifetime. Previous work looked at reducing the overheads of the secure memory implementation by packing more counters into a cache line, increasing the cacheability of security metadata, slightly reducing the size of the integrity tree, or using the ECC chip to store the MAC values. However, the root update process is barely studied, which requires a sequential update of the MAC values in all the integrity tree levels.In this paper, we propose ProMT, a novel memory controller design that ensures a persistently secure system with minimal overheads. ProMT protects the data confidentiality and ensures the data integrity with minimal overheads. ProMT reduces the performance overhead of secure memory implementation to 11.7%, extends the NVM's life time by 3.59x, and enables the system recovery in a fraction of a second. CCS CONCEPTS• Security and privacy → Hardware-based security protocols.

show abstract

“…Similar to previous security and reliability co-designs [2]- [4], our secure memory system is built on the 9-chips ECC-DIMM. We re-purpose the 9th chip (ECC chip) to store the different types of metadata other than just ECC.…”

Section: Low Overhead Integrity Verification a Re-purposing Of Ecc Chipmentioning

confidence: 99%

“…Reliability requires that memory natural failures are detectable and correctable. Nowadays, many security and reliability co-design researches [1]- [4] have achieved a good balance on performance, security, and reliability. However, these researches merely rely on encryption to ensure data confidentiality, which has been proven unable to stop information leakage from memory access patterns.…”

Section: Introductionmentioning

confidence: 99%

IRO: Integrity and Reliability Enhanced Ring ORAM

He,

Feng,

Wang

et al. 2020

Preprint

View full text Add to dashboard Cite

Memory security and reliability are two of the major design concerns in cloud computing systems. State-of-theart memory security-reliability co-designs (e.g. Synergy) have achieved a good balance on performance, confidentiality, integrity, and reliability. However, these works merely rely on encryption to ensure data confidentiality, which has been proven unable to prevent information leakage from memory access patterns. Ring ORAM is an attractive confidential protection protocol to hide memory access patterns to the untrusted storage system. Unfortunately, it does not compatible with the securityreliability co-designs. A forced combination would result in more severe performance loss.In this paper, we propose IRO, an Integrity and Reliability enhanced Ring ORAM design. To reduce the overhead of integrity verification, we propose a low overhead integrity tree RIT and use a Minimum Update Subtree Tree (MUST) to reduce metadata update overhead. To improve memory reliability, we present Secure Replication to provide channel-level error resilience for the ORAM tree and use the mirrored channel technique to guarantee the reliability of the MUST. Last, we use the error correction pointer (ECP) to repair permanent memory cell fault to further improve device reliability and lifetime. A compact metadata design is used to reduce the storage and consulting overhead of the ECP.IRO provides strong security and reliability guarantees, while the resulting storage and performance overhead is very small. Our evaluation shows that IRO only increases 7.54% execution time on average over the Baseline under two channels four AES-GCM units setting. With enough AES-GCM units to perform concurrent MAC computing, IRO can reduce 2.14% execution time of the Baseline.

show abstract

Compact Leakage-Free Support for Integrity and Reliability

Cited by 19 publications

References 28 publications

Update the Root of Integrity Tree in Secure Non-Volatile Memory Systems with Low Overhead

Update the Root of Integrity Tree in Secure Non-Volatile Memory Systems with Low Overhead

ProMT

IRO: Integrity and Reliability Enhanced Ring ORAM

Contact Info

Product

Resources

About