Conference Paper

Defending Against Attacks on Main Memory Persistence

Dept. of Comput. Sci. & Eng., Pennsylvania State Univ., University Park, PA
DOI: 10.1109/ACSAC.2008.45 In proceeding of: Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Source: IEEE Xplore

ABSTRACT Main memory contains transient information for all resident applications. However, if memory chip contents survives power-off, e.g., via freezing DRAM chips, sensitive data such as passwords and keys can be extracted. Main memory persistence will soon be the norm as recent advancements in MRAM and FeRAM position non-volatile memory technologies for widespread deployment in laptop, desktop, and embedded system main memory. Unfortunately, the same properties that provide energy efficiency, tolerance against power failure, and "instant-on'' power-up also subject systems to offline memory scanning. In this paper, we propose a memory encryption control unit (MECU) that provides memory confidentiality during system suspend and across reboots. The MECU encrypts all memory transfers between the processor-local level 2 cache and main memory to ensure plaintext data is never written to the persistent medium. The MECU design is outlined and performance and security trade-offs considered. We evaluate a MECU-enhanced architecture using the SimpleScalar hardware simulation framework on several hardware benchmarks. This analysis shows the majority of memory accesses are delayed by less than 1 ns, with higher access latencies (caused by resume state reconstruction) subsiding within 0.25 seconds of a system resume. In effect, the MECU provides zero-cost steady state memory confidentiality for non-volatile main memory.

  • [Show abstract] [Hide abstract]
    ABSTRACT: Constructed wetlands are being considered a sustainable and promising option whose performance, cost and resources utilization can complement or replace conventional water treatment. The literature reported the fact that an insufficient residence time of pollutants in soils induces an incomplete and unfinished biodegradation process. In this work, engineering solutions are proposed with the objective of significantly increasing the solute retention capacity in the horizontal flow constructed wetland (HFCW). Using several numerical tracers experiments with different operating scenarios, such as the HFCW physical configuration, the flow rate, the boundary conditions, the adsorption layer thickness, practical methods and a new empirical law are suggested in order to substantially increase the adsorption ability in the HFCW, and hence the pollutant removal. Furthermore, it appears that there is no impact of the adsorbent layer thickness on the solute mean residence time with high values of adsorption coefficient (kd). For smaller kd values, the deeper the adsorption layer thickness, the higher the retention time.
    Ecological Engineering. 01/2011; 37(4):636-643.
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: A practical algorithm that recovers AES key schedules from decayed memory images is presented. Halderman et al. [1] established this recovery capability, dubbed the cold-boot attack, as a serious vulnerability for several widespread software-based encryption packages. Our algorithm recovers AES-128 key schedules tens of millions of times faster than the original proof-of-concept release. In practice, it enables reliable recovery of key schedules at 70% decay, well over twice the decay capacity of previous methods. The algorithm is generalized to AES-256 and is empirically shown to recover 256-bit key schedules that have suffered 65% decay. When solutions are unique, the algorithm efficiently validates this property and outputs the solution for memory images decayed up to 60%.
    Selected Areas in Cryptography, 16th Annual International Workshop, SAC 2009, Calgary, Alberta, Canada, August 13-14, 2009, Revised Selected Papers; 01/2009
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: The existence of two basic levels of storage (fast/volatile and slow/non-volatile) has been a long-standing premise of most computer systems, influencing the design of OS components, including file systems, virtual memory, scheduling, execution models, and even their APIs. Emerging resistive memory technologies – such as phase-change memory (PCM) and memristors – have the potential to provide large, fast, non-volatile memory systems, changing the assumptions that motivated the design of current operating systems. This paper examines the implications of non-volatile memories on a number of OS mechanisms, functions, and properties.


Available from