DOI: 10.1145/3307650.3322252
research-article

Anubis: ultra-low overhead and recovery time for secure non-volatile memories

Published: 22 June 2019

Abstract

Implementing secure Non-Volatile Memories (NVMs) is challenging, mainly due to the necessity to persist security metadata along with data. Unlike conventional secure memories, NVM-equipped systems are expected to recover data after crashes, and hence security metadata must be recoverable as well. While prior work explored recovery of encryption counters, fewer efforts have focused on recovering integrity-protected systems, in particular on how to recover the Merkle Tree. We observe two major challenges for this. First, recovering parallelizable integrity trees, e.g., Intel's SGX trees, requires very special handling due to inter-level dependency. Second, recovery for practical NVM sizes (terabytes are expected) would take hours. Most data centers, cloud systems, intermittent-power devices and even personal computers are anticipated to recover almost instantly after power restoration. In fact, this is one of the major promises of NVMs.
In this paper, we propose Anubis, a novel hardware-only solution that speeds up recovery time by almost 10^7 times (from 8 hours to only 0.03 seconds). Moreover, we propose a novel and elegant way to recover inter-level dependent trees, as in Intel's SGX. Most importantly, while ensuring recoverability of one of the most challenging integrity-protection schemes among others, Anubis incurs performance overhead that is only 2% higher than the state-of-the-art scheme, Osiris, which takes hours to recover systems with a general Merkle Tree and fails to recover SGX-style trees.



Published In
ISCA '19: Proceedings of the 46th International Symposium on Computer Architecture
June 2019
849 pages
ISBN:9781450366694
DOI:10.1145/3307650
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

  • IEEE-CS\DATC: IEEE Computer Society

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. non-volatile memories
  2. persistence
  3. persistent security
  4. security

Qualifiers

  • Research-article

Conference

ISCA '19

Acceptance Rates

ISCA '19 Paper Acceptance Rate 62 of 365 submissions, 17%;
Overall Acceptance Rate 543 of 3,203 submissions, 17%

Article Metrics

  • Downloads (Last 12 months): 78
  • Downloads (Last 6 weeks): 10
Reflects downloads up to 18 Nov 2024

Cited By
  • (2024) FSDedup: Feature-Aware and Selective Deduplication for Improving Performance of Encrypted Non-Volatile Main Memory. ACM Transactions on Storage 20:4 (1-33). DOI: 10.1145/3662736. Online publication date: 1-May-2024
  • (2024) A Midsummer Night’s Tree: Efficient and High Performance Secure SCM. Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3 (22-37). DOI: 10.1145/3620666.3651354. Online publication date: 27-Apr-2024
  • (2024) CTR+: A High-Performance Metadata Access Scheme for Secure Embedded Memory in Heterogeneous Computing Systems. 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) (304-308). DOI: 10.1109/HOST55342.2024.10545394. Online publication date: 6-May-2024
  • (2024) PireSPM: Efficient and Recoverable Secure Persistent Memory for Multi-cores. 2024 IEEE 24th International Symposium on Cluster, Cloud and Internet Computing (CCGrid) (47-56). DOI: 10.1109/CCGrid59990.2024.00015. Online publication date: 6-May-2024
  • (2023) SweepCache: Intermittence-Aware Cache on the Cheap. Proceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture (1059-1074). DOI: 10.1145/3613424.3623781. Online publication date: 28-Oct-2023
  • (2023) CryptoMMU: Enabling Scalable and Secure Access Control of Third-Party Accelerators. Proceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture (32-48). DOI: 10.1145/3613424.3614311. Online publication date: 28-Oct-2023
  • (2023) HMT: A Hardware-centric Hybrid Bonsai Merkle Tree Algorithm for High-performance Authentication. ACM Transactions on Embedded Computing Systems 22:4 (1-28). DOI: 10.1145/3595179. Online publication date: 24-Jul-2023
  • (2023) SecPB: Architectures for Secure Non-Volatile Memory with Battery-Backed Persist Buffers. 2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA) (677-690). DOI: 10.1109/HPCA56546.2023.10071082. Online publication date: Feb-2023
  • (2023) ESD: An ECC-assisted and Selective Deduplication for Encrypted Non-Volatile Main Memory. 2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA) (977-990). DOI: 10.1109/HPCA56546.2023.10071011. Online publication date: Feb-2023
  • (2023) Root Crash Consistency of SGX-style Integrity Trees in Secure Non-Volatile Memory Systems. 2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA) (152-164). DOI: 10.1109/HPCA56546.2023.10071003. Online publication date: Feb-2023
