Conference Paper

Defending Against Attacks on Main Memory Persistence

Dept. of Comput. Sci. & Eng., Pennsylvania State Univ., University Park, PA
DOI: 10.1109/ACSAC.2008.45
Conference: Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Source: IEEE Xplore

ABSTRACT Main memory contains transient information for all resident applications. However, if memory chip contents survive power-off, e.g., via freezing DRAM chips, sensitive data such as passwords and keys can be extracted. Main memory persistence will soon be the norm as recent advancements in MRAM and FeRAM position non-volatile memory technologies for widespread deployment in laptop, desktop, and embedded system main memory. Unfortunately, the same properties that provide energy efficiency, tolerance against power failure, and "instant-on" power-up also subject systems to offline memory scanning. In this paper, we propose a memory encryption control unit (MECU) that provides memory confidentiality during system suspend and across reboots. The MECU encrypts all memory transfers between the processor-local level 2 cache and main memory to ensure plaintext data is never written to the persistent medium. The MECU design is outlined and performance and security trade-offs considered. We evaluate a MECU-enhanced architecture using the SimpleScalar hardware simulation framework on several hardware benchmarks. This analysis shows the majority of memory accesses are delayed by less than 1 ns, with higher access latencies (caused by resume state reconstruction) subsiding within 0.25 seconds of a system resume. In effect, the MECU provides zero-cost steady state memory confidentiality for non-volatile main memory.

    • "PRAMs are non-volatile, so there are privacy concerns over the contents residing in it. The authors in [4] propose a new mechanism to improve these types of memories. They use a counter mode encryption, with secret keys stored inside the processor, but with additional counters for each data block. "
    ABSTRACT: Increasing the security of memory systems is relevant due to the sensitive information which is stored in plain-text. Over the last decade, device specific attacks have been reported as being successful in retrieving encryption and private keys from AES algorithms. A novel technique is proposed in this work, which improves the security of a cache memory through the use of data scrambling. Several dissemination rules are explained and employed, in order to make the proposed method a viable security solution. The proposed technique is evaluated from several points of view (area overhead, power consumption and performance) and compared to a standard technique.
    2014 IEEE International Conference on Intelligent Computer Communication and Processing (ICCP), Cluj-Napoca, Romania; 09/2014
    • "PRAMs are non-volatile, so there are privacy concerns over the contents residing in it. The authors in [4] propose a new mechanism to improve these types of memories. They use a counter mode encryption, with secret keys stored inside the processor, but with additional counters for each data block. "
    ABSTRACT: Protecting the information inside a memory is vital in any digital system. The target objective is to make the data unreadable because device specific attacks can occur at any time. We propose a novel security measure for protecting and securing the stored data from a memory system, by using random vectors for scrambling the information. The results show that data scrambling is possible in any kind of memory system, all with low area overhead, small delay penalty and low power consumption.
    2014 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR); 05/2014
    • "In either case (theft or intrusion), critical data on the device is at risk. Since execution state is durable even after a device is powered down, NVRAM can exacerbate this risk [7]: NVRAM makes cold-boot attacks [8] trivial to perform. "
    ABSTRACT: The existence of two basic levels of storage (fast/volatile and slow/non-volatile) has been a long-standing premise of most computer systems, influencing the design of OS components, including file systems, virtual memory, scheduling, execution models, and even their APIs. Emerging resistive memory technologies – such as phase-change memory (PCM) and memristors – have the potential to provide large, fast, non-volatile memory systems, changing the assumptions that motivated the design of current operating systems. This paper examines the implications of non-volatile memories on a number of OS mechanisms, functions, and properties.