Achieving a practical secure non-volatile memory system with in-Memory Integrity Verification (iMIV)
Series: M.Tech (Research) Thesis Defense
Speaker: Rajat Jain
Date/Time: Sep 01 09:30:00
Location: CSA Seminar Hall (Room No. 254, First Floor)
Faculty Advisor: Arkaprava Basu
Abstract:
Recent commercialization of Non-Volatile Memory (NVM) technology in the form of Intel Optane enables programmers to write recoverable programs. However, the data on NVM is susceptible to a plethora of data remanence attacks, which makes confidentiality and integrity protection of data essential for a secure NVM system. That protection requires computing and maintaining a large amount of security metadata: encryption counters, message authentication codes (MACs), and integrity tree (BMT) nodes. Furthermore, crash consistency guarantees require the system to persist the security metadata and data atomically back to NVM, incurring high overheads. So there is a trade-off among providing complete security guarantees, the performance of an NVM system, and its recovery time.
To ensure the confidentiality and integrity of data, a substantial quantity of security metadata is required. Of this metadata, persisting Bonsai Merkle Tree (BMT) nodes, which are essential for fine-grain integrity verification, adds substantial cost owing to the massive amount of data that must be moved off-chip to the bandwidth-constrained NVM. Thus, prior works often make a trade-off between performance and fine-grain verifiability, or forgo it entirely in favor of performance.
The goal of this thesis is to maintain strong security and verifiability guarantees while limiting the cost of BMT updates, and it accomplishes this by leveraging in-memory integrity verification. We make fine-grain integrity verifiability realizable with a radically different approach: using in-memory computing for integrity verification. Our proposal, iMIV, draws inspiration from the fact that today's commercial Optane NVM performs encryption onboard the DIMM. We argue that the memory-intensive integrity verification operation should be performed near the (non-volatile) memory to avoid off-chip data movement. iMIV aims to minimize off-chip memory transfer and mitigate the effect of the bandwidth wall, and it also scales to larger NVM capacity in future systems with a per-DIMM BMT.
The experiments and analysis are carried out on VANS, a trace-driven cycle-accurate simulator that mimics the internal micro-architecture of Intel Optane memory DIMMs. The experimental results show that, in comparison to the Baseline scheme with write-through caches and a strict persistency model, which also provides complete security guarantees, iMIV reduces system runtime by 1.8 times for persistent-memory aware workloads and 3.4 times for persistent-memory agnostic workloads. iMIV's recovery time on system crashes is microseconds-scale, without compromising on detecting tampering and quickly pinpointing the unverifiable region. iMIV limits the performance overheads associated with fine-grain integrity verifiability to less than 55 percent compared to a system that offers no security.
Speaker Bio:
Rajat Jain is an MTech (Research) student in the Department of Computer Science and Automation at IISc, Bangalore. He is currently advised by Professor Arkaprava Basu. His research focuses on near-memory computing and persistent memory. During his MTech (Research), he sought to improve the performance of secure NVM systems to make them realistic by minimizing the off-chip NVM data movement needed for security metadata. His project, called iMIV (in-Memory Integrity Verification), has been submitted to HPCA'23. Intel is in the midst of filing a patent application for iMIV's design, as it was developed in partnership with Intel. After completing his MTech, he joined the Processor Architecture Lab at Intel as a Research Scientist.
Host Faculty: Arkaprava Basu