From Ideal to Practice: Data Encryption in eADR-based Secure Non-Volatile Memory Systems
Jianming Huang, Yu Hua

TL;DR
This paper introduces cost-efficient encryption schemes for eADR-based NVM systems that ensure data confidentiality without significantly impacting performance, bridging the gap between persistence and security.
Contribution
It proposes novel encryption schemes, BBE and Sepencr, tailored for ideal and practical eADR execution models to enhance data confidentiality efficiently.
Findings
BBE supports encryption via eADR battery during crashes.
Sepencr encrypts cached data at system startup using OTPs.
Significant performance overhead reduction compared to in-cache encryption.
Abstract
Extended Asynchronous DRAM Refresh (eADR), proposed by Intel, extends the persistence domain from the Non-Volatile Memory (NVM) to CPU caches and offers the persistence guarantee. By allowing lazy persistence and decreasing the number of instructions, eADR-based NVM systems significantly improve performance. Existing designs, however, fail to provide efficient encryption schemes to ensure data confidentiality in eADR-based NVM systems. It is challenging to guarantee both data persistence and confidentiality in a cost-efficient manner due to the transient persistence property of caches in eADR. Once the system crashes, eADR flushes the unencrypted data from the cache into NVM, where security issues occur because the data is not encrypted. To bridge the gap between persistence and confidentiality, we propose cost-efficient BBE and Sepencr encryption schemes that efficiently match different eADR…
Taxonomy
Topics: Advanced Data Storage Technologies · Cloud Data Security Solutions · Security and Verification in Computing
