research-article

Public Access

Pagevault: securing off-chip memory using page-based authentication

Authors:

Blaise-Pascal Tine,

Sudhakar YalamanchiliAuthors Info & Claims

MEMSYS '17: Proceedings of the International Symposium on Memory Systems

Pages 293 - 304

https://doi.org/10.1145/3132402.3132439

Published: 02 October 2017 Publication History

Abstract

Security remains an essential requirement for computing systems today. With the advent of Cloud Computing, new online services have emerged that deal with sensitive content, e.g. stock trading, banking, medical, legals etc., making security a crucial necessity. The unique threat model of cloud computing comes from the realization that consumers do not have direct access to the computing resources, placing their data in an untrusted environment. Hardware security protects computing resources by providing data confidentiality and data integrity. Memory attacks represent the most common hardware attacks and as a result, have been studied extensively during the past decade. All current state-of-the-art memory protection schemes encrypt user data blocks on the host processor before sending them to off-chip memory. The integrity test is done using a message authentication code, stored in memory as meta-data to save space on the host processor. This meta-data not only increases the memory traffic but also occupy a significant portion of the memory space that could have been used by the application. We present a new memory protection scheme, a page-based authentication algorithm which is based on Aggregate Message Authentication Code (AMAC [10]). Our scheme uses AMAC to compress the MAC of multiple memory blocks, reducing the meta-data overhead and saving a significant amount of memory space. Our analysis targets high capacity memory systems where the meta-data overhead is significant. With the same amount of on-chip cache, protecting 8 GB of memory using our scheme only necessitates 8% of off-chip meta-data, compared to 23% in prior work, and this saving comes with up to 12% improvement in IPC performance.

References

[1]

C. Bienia, S. Kumar, J. P. Singh, and K. Li. The parsec benchmark suite: Characterization and architectural implications. In Proceedings of the 17th International Conference on Parallel Architectures and Compilation Techniques, pact '08, pages 72--81, New York, NY, USA, 2008. ACM.

Digital Library

[2]

T. Dierks and E. Rescorla. The transport layer security (tls) protocol. In IETF RFC 4346, 2006.

[3]

D. Eastlake 3rd and P. Jones. Us secure hash algorithm 1 (sha1). Technical report, 2001.

Digital Library

[4]

R. Elbaz, D. Champagne, C. Gebotys, R. B. Lee, N. Potlapally, and L. Torres. Transactions on computational science iv. chapter Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines, pages 1--22. Springer-Verlag, Berlin, Heidelberg, 2009.

Digital Library

[5]

B. Gassend, G. E. Suh, D. Clarke, M. van Dijk, and S. Devadas. Caches and hash trees for efficient memory integrity verification. In Proceedings of the 9th International Symposium on High-Performance Computer Architecture, HPCA '03, pages 295-, Washington, DC, USA, 2003. IEEE Computer Society.

Digital Library

[6]

S. Gueron. A memory encryption engine suitable for general purpose processors. Cryptology ePrint Archive, Report 2016/204, 2016.

[7]

M. Henson and S. Taylor. Memory encryption: A survey of existing techniques. ACM Comput. Surv., 46(4):53:1--53:26, Mar. 2014.

Digital Library

[8]

A. B. Huang. The trusted pc: skin-deep security. Computer, 35(10):103--105, Oct 2002.

Digital Library

[9]

A. B. Huang. Hacking the Xbox: An Introduction to Reverse Engineering. No Starch Press, San Francisco, CA, USA, 2003.

Digital Library

[10]

J. Katz and A. Y. Lindell. Aggregate message authentication codes. In Proceedings of the 2008 The Cryptopgraphers' Track at the RSA Conference on Topics in Cryptology, CT-RSA'08, pages 155--169, Berlin, Heidelberg, 2008. Springer-Verlag.

Digital Library

[11]

L. M. Kaufman. Data security in the world of cloud computing. IEEE Security Privacy, 7(4):61--64, July 2009.

Digital Library

[12]

H. Krawczyk, M. Bellare, and R. Canetti. Hmac: Keyed-hashing for message authentication, 1997.

[13]

H. Lipmaa, D. Wagner, and P. Rogaway. Comments to nist concerning aes modes of operation: Ctr-mode encryption, 2000.

[14]

D. A. McGrew and J. Viega. The security and performance of the galois/counter mode (gcm) of operation. In In INDOCRYPT, volume 3348 of LNCS, pages 343--355. Springer, 2004.

Digital Library

[15]

R. C. Merkle. Secrecy, authentication, and public key systems. PhD thesis, 1979.

Digital Library

[16]

L. Nai, Y. Xia, I. G. Tanase, H. Kim, and C.-Y. Lin. Graphbig: Understanding graph computing in the context of industrial solutions. In Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis, SC '15, pages 69:1--69:12, New York, NY, USA, 2015. ACM.

Digital Library

[17]

J. Nechvatal, E. B. L. Bassham, M. Dworkin, J. Foti, and E. Roback. Report on the development of the advanced encryption standard (aes. Technical report, 2000.

[18]

E. Rescorla and A. Schiffman. The secure hypertext transfer protocol, 1999.

[19]

B. Rogers, Raleigh, S. Chhabra, M. Prvulovic, and D. Solihin. Using address independent seed encryption and bonsai merkle trees to make secure processors os- and performance-friendly. In 40th Annual IEEE/ACM International Symposium on Microarchitecture, pages 183--196, 2007.

Digital Library

[20]

F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich. Vc3: Trustworthy data analytics in the cloud using sgx. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 38--54, 2015.

Digital Library

[21]

G. E. Suh, D. Clarke, B. Gassend, M. v. Dijk, and S. Devadas. Efficient memory integrity verification and encryption for secure processors. In Proceedings of the 36th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 36, pages 339-, Washington, DC, USA, 2003. IEEE Computer Society.

Digital Library

[22]

J. Szefer and S. Biedermann. Towards fast hardware memory integrity checking with skewed merkle trees. In Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy, HASP '14, pages 9:1--9:8, New York, NY, USA, 2014. ACM.

Digital Library

[23]

J. Wang, J. Beu, R. Bheda, T. Conte, Z. Dong, C. Kersey, M. Rasquinha, G. Riley, W. Song, H. Xiao, P. Xu, and S. Yalamanchili. Manifold: A parallel simulation framework for multicore systems. In 2014 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), March 2014.

[24]

Winter and Johannes. Trusted computing building blocks for embedded linux-based arm trustzone platforms. In Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, STC '08, pages 21--30, New York, NY, USA, 2008. ACM.

Digital Library

[25]

S. C. Woo, M. Ohara, E. Torrie, J. P. Singh, and A. Gupta. The splash-2 programs: Characterization and methodological considerations. In Proceedings of the 22Nd Annual International Symposium on Computer Architecture, ISCA '95, pages 24--36, New York, NY, USA, 1995. ACM.

Digital Library

[26]

C. Yan, D. Englender, M. Prvulovic, B. Rogers, and Y. Solihin. Improving cost, performance, and security of memory encryption and authentication. In Proceedings of the 33rd Annual International Symposium on Computer Architecture, ISCA '06, pages 179--190, Washington, DC, USA, 2006. IEEE Computer Society.

Digital Library

[27]

J. Yang, Y. Zhang, and L. Gao. Fast secure processor for inhibiting software piracy and tampering. In Proceedings of the 36th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 36, pages 351-, Washington, DC, USA, 2003. IEEE Computer Society.

Digital Library

[28]

H. Zhang, G. Chen, B. C. Ooi, K. L. Tan, and M. Zhang. In-memory big data management and processing: A survey. IEEE Transactions on Knowledge and Data Engineering, 27(7):1920--1948, July 2015.

Digital Library

Cited By

Werner JMason JAntonakakis MPolychronakis MMonrose FGalbraith SRussello GSusilo WGollmann DKirda ELiang Z(2019)The SEVerESt Of Them AllProceedings of the 2019 ACM Asia Conference on Computer and Communications Security10.1145/3321705.3329820(73-85)Online publication date: 2-Jul-2019
https://dl.acm.org/doi/10.1145/3321705.3329820

Recommendations

A Novel Memory Block Management Scheme for PCM Using WOM-Code
HPCC-CSS-ICESS '15: Proceedings of the 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conf on Embedded Software and Systems

Phase Change Memory (PCM) is a promising DRAM replacement in embedded systems due to its attractive characteristics including low static power consumption and high density. However, long write latency is one of the major drawbacks in current PCM ...
WOM-Code Solutions for Low Latency and High Endurance in Phase Change Memory
This paper describes a write-once-memory-code phase change memory (WOM-code PCM) architecture for next-generation non-volatile memory applications. Specifically, we address the long latency of the write operation in PCM—attributed to PCM SET—...
DEUCE: Write-Efficient Encryption for Non-Volatile Memories
ASPLOS'15

Phase Change Memory (PCM) is an emerging Non Volatile Memory (NVM) technology that has the potential to provide scalable high-density memory systems. While the non-volatility of PCM is a desirable property in order to save leakage power, it also has the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

MEMSYS '17: Proceedings of the International Symposium on Memory Systems

October 2017

409 pages

ISBN:9781450353359

DOI:10.1145/3132402

General Chair:
Bruce Jacob
University of Maryland

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 October 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

LexisNexis Inc.
National Science Foundation

Conference

MEMSYS 2017

MEMSYS 2017: The International Symposium on Memory Systems, 2017

October 2 - 5, 2017

Virginia, Alexandria

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
234
Total Downloads

Downloads (Last 12 months)102
Downloads (Last 6 weeks)23

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Werner JMason JAntonakakis MPolychronakis MMonrose FGalbraith SRussello GSusilo WGollmann DKirda ELiang Z(2019)The SEVerESt Of Them AllProceedings of the 2019 ACM Asia Conference on Computer and Communications Security10.1145/3321705.3329820(73-85)Online publication date: 2-Jul-2019
https://dl.acm.org/doi/10.1145/3321705.3329820

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten