View all Seminars  |  Download ICal for this event

Achieving practical secure non-volatile memory system with in-Memory Integrity Verification (iMIV)

Series: M.Tech (Research) Colloquium

Speaker: Rajat Jain

Date/Time: Jan 19 14:00:00

Location: Online

Faculty Advisor: Arkaprava Basu

Recent commercialization of Non-Volatile Memory (NVM) technology in the form of Intel Optane enables programmers to write recoverable programs. However, the data on NVM is susceptible to a plethora of data remanence attacks, which makes confidentiality and integrity protection of data essential for a secure NVM system. However, that requires computing and maintaining a large amount of security metadata (encryption counters, message authentication code (MAC), and integrity tree nodes (BMT)). Furthermore, crash consistency guarantees require the system to persist the security metadata and data atomically back to NVM, incurring high overheads. So there is a trade-off between providing complete security guarantees, the performance and recovery time of an NVM system.
To ensure the confidentiality and integrity of data, a substantial quantity of security metadata is required. Of these, persisting Bonsai Merkel Tree (BMT) nodes, which are essential for fine-grain integrity verification, add substantial cost owing to the massive amount of data that must be moved off-chip to the bandwidth-constrained NVM. Thus, prior works often make a trade-off between performance and fine-grain verifiability or forego it entirely in favor of performance.
The goal of this thesis is to maintain strong security and verifiability guarantees while limiting the cost of BMT updates and my thesis accomplishes this by leveraging the in-memory integrity verification. We make the fine-grain integrity verifiability realizable with a radically different approach of using in-memory computing for integrity verification. Our proposal, iMIV draws inspiration from the fact that today's commercial Optane NVM performs encryption onboard the DIMM. We argue that memory-intensive integrity verification operation should be performed near the (non-volatile) memory to avoid off-chip data movement. iMIV targets to minimize the off-chip memory transfer and mitigate the effect of bandwidth wall and also scales to larger NVM capacity in future systems with per-DIMM BMT.
The experiments and analysis are carried out on a trace-driven cycle-accurate simulator VANS, which mimics the internal micro-architecture of Intel Optane memory DIMMs. The experimental results show that in comparison to the Baseline scheme with write-through caches and strict persistency model, which also provides complete security guarantees, iMIV reduces system runtime by 1.8 times for persistent-memory aware workloads and 3.4 times for persistent-memory agnostic workloads. iMIV's recovery time on system crashes is microseconds-scale without compromising on detecting tampering and fast pin-point of the unverifiable region. iMIV limits the performance overheads associated with fine-grain integrity verifiability to less than 55 percent compared to a system that offers no security.

Speaker Bio:
I, Rajat Jain, am an MTech Research student in the Department of Computer Science and Automation at IISc, Bangalore. I am part of the Computer Systems Lab (CSL) and works under the guidance of Prof. Arkaprava Basu. During MTech(Res), I have worked on improving the performance of secure NVM systems to make them practical to use by mitigating the constrained NVM write bandwidth bottleneck. I am interested in continuing my research in the domain of persistent memory (PM) and figuring out ways to optimize the performance of various workloads utilizing PM. I am also interested in figuring out ways to best utilize the heterogeneous systems comprising DRAM, and PM.

Host Faculty: Arkaprava Basu