
ABSTRACT

Demand for memory technologies with a higher density and better scalability has led to the emergence of non-volatile main memory (NVMM) as an alternate memory technology. The Phase Change Memory (PCM) has emerged as a frontrunner in the NVMM race due to its faster read latency and potentially higher storage density. But the PCM suffers from limited write endurance and data remanence, which could be exploited as security vulnerabilities, precluding its use in the main memory hierarchy. To address the issue of limited write endurance, recent studies have proposed either reducing PCM's write frequency or using wear leveling to evenly distribute writes. Even though these techniques increase the lifetime of PCM, they do not prevent maliciously designed code from wearing it out quickly. Another security concern in the main memory realm is the protection of off-chip DRAM memory, as today a system requires two separate mechanisms for off-chip memory protection: integrity verification to detect malicious tampering of memory, and error correcting codes to detect and correct random errors.

This paper presents three different techniques addressing the limited write endurance and data remanence of the PCM, and unifying the integrity verification and error correcting techniques for off-chip memory. The first technique proposes the use of a low-cost hardware mechanism called Security Refresh to avoid information leaks by constantly migrating the physical location of data using a dynamically randomized address mapping scheme; the hardware overhead is small and the best lifetime achieved under a worst-case malicious attack is more than six years. The second technique introduces i-NVMM, a data privacy protection scheme for NVMM, where the main memory is encrypted incrementally; experiments showed i-NVMM keeps 78% of the main memory encrypted and incurs only 3.7% execution time overhead. The third technique proposes IVEC, a memory protection scheme that unifies integrity verification and error correcting schemes with less overhead.

INTRODUCTION

A major technological shift in the 21st century is the increase in the number of cores on a chip in most microprocessors and an increase in software complexity, which has placed an extraordinary demand on main memory capacity. Traditional memory technologies like DRAM face serious challenges in terms of cost, energy consumption, and scalability [1]. Though DRAM is still widely used, researchers have started looking into alternatives, all of which are mainly non-volatile, such as Phase Change Memory (PCM) and Magnetoresistive RAM. PCM seems promising because it is claimed to be 4× denser than DRAM, has been demonstrated in prototypes to scale better than DRAM, and is only 2-4× slower than DRAM. However, PCM has significant disadvantages. One disadvantage is its limited write endurance compared to DRAM. The current write endurance of a PCM cell is 10^8, although the number is projected to increase to 10^22 in 2022 according to the Information Technology Roadmap for Semiconductors (ITRS). Studies have focused on addressing this issue by either reducing PCM's write frequency or using wear leveling techniques to evenly distribute writes. These techniques, though they increase the lifetime of PCM under normal operation, fail to address maliciously written code intended to wear out and fail PCM. Another disadvantage is its security vulnerability of data remanence, where data persists in main memory even when the system is powered down [1]. Even in the presence of a technological shift to non-volatile technologies, the use of DRAM is still widespread, and the presence of off-chip memory exposes it to malicious tampering. Researchers have proposed secure processors to protect against software attacks and physical attacks [3]. Various techniques have also been developed for reliability due to the increase in both transient and permanent faults as a result of technology scaling. Though both security and reliability address errors in computing devices, most of today's techniques only target either security or reliability separately.

In the case of the limited write endurance of a PCM, an attacker can wiggle the memory bits of the same PCM location, wearing them out. An attacker can also exploit a compromised OS to manipulate all processes and exploit side channels, speeding up the wear-out of targeted PCM blocks and rendering the system dysfunctional [2]. An implication of data remanence on PCM is that an attacker with physical access to the system can scan the main memory content and extract all valuable information from main memory, such as user passwords, credit card numbers and other security-sensitive data [1].

This paper shows that in addressing the issue of limited write endurance, PCM designs should not only take wear-out under normal program execution into consideration but also consider the worst-case scenarios involving malicious exploits and a compromised OS, necessitating dynamic runtime randomization to reduce wear-out vulnerability and prevent the construction of useful knowledge gleaned from side channels [2]. The technique proposed is Security Refresh, a low-cost hardware mechanism embedded inside the PCM that prevents information leaks by constantly migrating the physical locations of PCM data and obfuscating the actual data placement from users and system software [2]. Any solution that addresses the security vulnerability of data remanence on PCM must satisfy four requirements. It should preserve the instant-on benefit of NVMM, it should be self-contained in the memory system, it should be as secure as its volatile predecessor (DRAM), and it should not incur substantial performance or energy overheads for running applications. i-NVMM is proposed as a data privacy protection scheme for NVMM in which the main memory is incrementally encrypted without tampering with data the processor is actively using. A third technique presented in this paper is IVEC, which simply extends integrity verification to error correcting, replacing the traditional Error Correcting Code (ECC).

BACKGROUND

Most research on non-volatile main memory has been focused on Phase Change Memory (PCM) and Magnetoresistive RAM (MRAM). Related work on PCM as NVMM has concentrated on four primary areas: bridging the latency gap between DRAM and PCM, bridging the energy gap of read and especially write operations between DRAM and PCM, increasing write endurance, and addressing security concerns in PCM [1]. The area of NVMM research related to the proposals of this paper is the one involving security vulnerabilities in PCM, where its limited write endurance may be exploited by an attacker running an application that damages the memory through repeated writes. To reduce redundant writes, Lee et al. and Qureshi et al. proposed maintaining fine-grained dirty bits as part of the cache line state to enable partial writes. Yang et al. and Zhou et al. proposed data-comparison write schemes, which replace a write operation with a read-compare-write operation to eliminate silent stores to PCM. Unfortunately, these methods remain exposed to malicious wear-out attacks, as an adversary can always write complementary values to the same PCM cells. The wear leveling proposed by Zhou et al. integrates two techniques: a fine-grained wear leveling called Row Shifting and a coarse-grained one called Segment Swapping [2]. This wear leveling has its drawbacks: the overhead of a hardware address mapping table and of a sorting network required for picking a less frequently written segment, both of which prevent the use of small segments. In sharp contrast, Qureshi et al. proposed the randomized Region-Based Start-Gap (randomized RBSG) wear leveling method, which uses an algebraic mapping between physical addresses and memory addresses, the first work to address security threats to PCM. However, Seong et al. found that deliberately contrived malicious code can fail such systems by exploiting side channels in a compromised OS [2].

Another security vulnerability of NVMM is a form of data remanence (data lingering after the system is powered off), for which a memory-side solution has not been worked on. Previously proposed techniques addressing data remanence involve a cryptographic engine in the processor chip and ISA support for encryption and integrity verification of the main memory. Although these techniques address the security vulnerability, they take away the core merit inherent in a memory-side solution, which ensures that the encryption ability does not depend on any particular processor platform, instruction set architecture (ISA), or changes to the processor architecture. An encrypted main memory deployment is not currently economically feasible, as commodity processors do not come with support for memory encryption and integrity verification; a memory-side solution, on the contrary, can be readily deployed.

There exists a large number of scholarly works on the protection of off-chip DRAM memory, in the form of memory integrity verification and of error correction using error correcting codes (ECC). The Merkle tree algorithm was initially proposed to check the integrity of likely compromised storage without over-reliance on trusted on-chip memory. Gassend et al. proposed applying the Merkle tree to protect off-chip memory with caching [3]. A split counter-mode memory encryption and integrity verification scheme was proposed using GMAC to further improve the integrity verification latency and overheads. The Bonsai Merkle tree improves performance and makes integrity verification more OS-friendly by using smaller Merkle trees to authenticate only counters. Hamming also created the single-error-correction double-error-detection error correcting codes (SEC-DED ECC). Hsiao proposed a class of optimal SEC-DED codes that simplifies the decoding logic; these have been further extended to detect single-byte errors or correct 2-bit errors in adjacent bits using the same number of bits. Researchers have proposed double-error-correcting triple-error-detecting (DEC-TED) codes to handle multi-bit errors, but these have a memory overhead twice that of SEC-DED codes. Chip-kill correct has also been proposed for multi-bit error correction.

SCHEMES

There are three different schemes presented in this paper, each addressing a different security concern: two of the three were proposed for PCM (a non-volatile main memory), while the third addresses the security of off-chip DRAM.

Security Refresh

This technique was proposed by Seong et al. to address the failure of PCM due to its limited write endurance caused by malicious attacks deliberately designed to fail the PCM. The technique proposes dynamically shuffling the address space over time to keep attackers from obtaining useful information through side channels. This is achieved with a Security Refresh Controller (SRC), embedded inside the PCM, which controls the mapping of the memory address (MA) inside a PCM bank to a newly defined address space called the Refreshed or Remapped Memory Address (RMA). This mapping is referred to as Security Refresh, and it prevents address information leaks from PCM accesses by dynamically randomizing the mapping between MAs and RMAs. The Security Refresh scheme refreshes a PCM region based on usage [2]. The SRC employs a distributed security refresh scheme to refresh regions (a region is composed of many memory blocks) in the PCM, and the SRC will refresh a memory block after a given number of writes (the security refresh interval) to the memory block, potentially remapping it to a new PCM location using a randomly generated key. A complete iteration of refreshing every single memory block in a region is called a security refresh round; the SRC generates a new random key for every new security refresh round, and this new key is used together with the old key for mapping.

The major hardware requirement for its implementation is the Security Refresh Controller (SRC) for each region. Each SRC consists of four registers; a random key generator (RKG), which generates a new key for a new refresh round using thermal noise; address translation logic (ATL), which performs address translation; a remapping checker (RC), which checks whether an MA has been remapped in the current round and also determines whether an address will be remapped; swapping logic (SWL), which decides whether an MA should be mapped or not; and two swap buffers [2]. Of the four registers, the first stores the prior key, the second stores the current key, the third is a global write counter (GWC) that counts the number of writes to a region for triggering security refresh, and the fourth is the current refresh pointer (CRP), which points to the next MA to be refreshed. A two-level security refresh, which divides a large region into smaller sub-regions, each with its own SRC, plus a single external SRC to control the activities within the region, is preferred to a one-level security refresh, where a large region has only one SRC for the security refresh, because the latter has a higher write overhead and performance penalty than the former.

i-NVMM

This technique was proposed by Chhabra et al. to address the data remanence vulnerability of PCM; different data in memory is encrypted at different times depending on the usefulness of the data to the processor. This is based on the premise that the working set of an application is usually smaller than the resident set; hence, by identifying the working set of a program, the rest of the resident set can be encrypted. The technique fulfils the four requirements that an ideal solution must meet: it retains the instant-on experience of an NVMM, it is self-contained in the memory, the time to encrypt the entire memory at power-down is on the order of a few seconds, matching DRAM's retention time, and it has only small performance and energy overheads. The encryption relies on the accurate prediction of inert pages, which are pages not likely to be needed by the processor for a long time and thus unlikely to be part of the working set. Inert pages differ from dead pages, which are never accessed again: inert pages may still be accessed in the near future. To predict inert pages, a structure called the Inert Page Predictor (IPP) is used to predict when a page has become inert and can be encrypted. The IPP is designed to have high coverage, a low misprediction rate and low performance overhead [1]. The IPP uses a Scan Interval (SI) to determine the access activity of a page, and it uses a Predict Inert Threshold (PIT) to determine the length of the inactivity period after which a page is predicted as inert. SI and PIT are chosen to maximize coverage and reduce the misprediction rate and performance overheads. The IPP also decides when a page is decrypted by employing a Page Decryption Threshold, an adjustable parameter that sets a threshold for the number of accesses to a page before it is decrypted. Correlation Pre-decryption, which borrows the Markov prefetching mechanism, is used to hide decryption latency overhead. This pre-decryption mechanism uses page address correlation information as input to predict the next page that will be accessed, and pre-decrypts it ahead of time [1].

The hardware requirement involves a Page Status Table (PST), an SRAM structure that keeps track of page status, added to the NVMM module. The PST indicates the current encryption state of a page, the last access of a page, the number of accesses to a page, the next page accessed after the current page, and an encryption/decryption pending status. There is also a Crypto Engine with two input buffers with different priorities (high and low); pages predicted as inert are sent to the low-priority buffer for encryption, while demand-fetched blocks or pages are sent to the high-priority buffer for decryption. The cryptographic engine uses a secret key and AES (a cryptographic-strength encryption algorithm) to encrypt or decrypt a page or block. There are four output buffers which store the encryption/decryption output.

IVEC

This technique was proposed by Huang et al. to extend the existing off-chip memory integrity verification scheme to perform memory error correction [3]. This unified off-chip memory integrity protection scheme, IVEC, builds on the use of either a cryptographic hash function or a message authentication code (MAC) to protect the integrity of off-chip memory without reliance on secure on-chip memory. A unique property of cryptographic hash functions is their collision resistance (the difficulty of obtaining two different inputs that produce the same hash). Technically, there is no difference between data corruption from random errors and corruption from malicious attacks; hence, integrity verification can also detect random errors. Because integrity verification for security inherently detects errors, IVEC simply extends it to handle error correction, eliminating the need for a separate error detection and correction module for off-chip DRAM. IVEC corrects errors by searching for erroneous bits in candidate error locations and flipping each bit, since the hash can detect errors; but this search explodes as the number of bits to flip increases, so the IVEC algorithm restricts the search space based on the fault model and hardware configuration. IVEC employs parity bits to decrease the error correction search space and improve multi-bit error correction. The parity bits are stored in regular memory space in the same way integrity verification stores metadata. The hardware implementation uses an already proposed integrity verification scheme, where GMAC is used as the MAC function. The baseline scheme is a GMAC Tree, and IVEC differs only in the way it corrects errors when integrity verification fails.

IVEC extends the GMAC Tree by adding the following modules to the baseline scheme: a data queue that stores a block from memory while its integrity is being checked, and a correction buffer which stores information for memory blocks whose integrity check failed. The buffer entries include the AES result, the memory block, the parent MAC, parity bits, and an identifier or an address. The depth of the buffer should be set to match the height of the MAC tree, to correct errors from the root to a leaf in the worst case [3].
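For the Security Refresh scheme described above, the following added example (not code from this paper or from Seong et al.) simulates a one-level controller with its two key registers, global write counter and refresh pointer. The mapping function is assumed here to be RMA = MA XOR key, since the text does not specify it, and a seeded software generator stands in for the thermal-noise key generator; class and function names are hypothetical.

```python
import random

class SecurityRefreshRegion:
    """One PCM region managed by a single (one-level) Security Refresh Controller."""

    def __init__(self, n_blocks=16, refresh_interval=4, seed=1):
        assert n_blocks & (n_blocks - 1) == 0  # power of two keeps MA ^ key in range
        self.n, self.interval = n_blocks, refresh_interval
        self.rkg = random.Random(seed)         # stand-in for the thermal-noise RKG
        self.key_prev = 0                      # register: prior key
        self.key_cur = self.rkg.randrange(self.n)  # register: current key
        self.gwc = 0                           # register: global write counter
        self.crp = 0                           # register: current refresh pointer
        self.cells = [None] * self.n           # physical blocks, indexed by RMA
        self.wear = [0] * self.n               # writes absorbed by each physical block

    def translate(self, ma):
        """ATL + RC: use the current key once MA (or its swap partner) was refreshed."""
        partner = ma ^ self.key_prev ^ self.key_cur
        refreshed = ma < self.crp or partner < self.crp
        return ma ^ (self.key_cur if refreshed else self.key_prev)

    def _store(self, rma, value):
        self.cells[rma] = value
        self.wear[rma] += 1

    def _refresh_step(self):
        """SWL: move the block at CRP to its new location, then advance CRP."""
        ma = self.crp
        old, new = ma ^ self.key_prev, ma ^ self.key_cur
        if (ma ^ self.key_prev ^ self.key_cur) > ma:   # pair not yet swapped this round
            old_val, new_val = self.cells[old], self.cells[new]
            self._store(old, new_val)
            self._store(new, old_val)
        self.crp += 1
        if self.crp == self.n:                 # round complete: rotate keys
            self.key_prev, self.key_cur = self.key_cur, self.rkg.randrange(self.n)
            self.crp = 0

    def write(self, ma, value):
        self._store(self.translate(ma), value)
        self.gwc += 1
        if self.gwc % self.interval == 0:      # security refresh interval reached
            self._refresh_step()

    def read(self, ma):
        return self.cells[self.translate(ma)]

def pinpoint_demo(writes=10_000):
    """Hammer one MA (constructed workload) and report integrity and wear spread."""
    region = SecurityRefreshRegion()
    for ma in range(region.n):
        region.write(ma, f"init-{ma}")
    for i in range(writes):
        region.write(5, i)
    others_intact = all(region.read(ma) == f"init-{ma}"
                        for ma in range(region.n) if ma != 5)
    return region.read(5), others_intact, max(region.wear)
```

Without remapping, all 10,000 writes would land on one physical block; here the most-worn block absorbs only a fraction of them while every address still reads back its own data.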
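For the i-NVMM Inert Page Predictor described above, this added sketch (not the paper's implementation) models the Page Status Table with the Scan Interval, Predict Inert Threshold and Page Decryption Threshold. It assumes time is counted in memory accesses and that the access counter resets when a page changes state; the parameter values and the trace are constructed for the demonstration.

```python
from dataclasses import dataclass

@dataclass
class PageStatus:                      # one Page Status Table (PST) entry
    encrypted: bool = False
    last_access: int = 0               # time of the most recent access
    hits: int = 0                      # accesses since the page was encrypted

class InertPagePredictor:
    def __init__(self, n_pages, scan_interval=100, pit=3, pdt=4):
        self.pst = [PageStatus() for _ in range(n_pages)]
        self.si, self.pit, self.pdt = scan_interval, pit, pdt
        self.now = 0                   # clock in memory accesses (assumed time base)
        self.block_decrypts = 0        # demand decryptions (high-priority buffer)
        self.page_encrypts = 0         # inert-page encryptions (low-priority buffer)

    def access(self, page):
        self.now += 1
        entry = self.pst[page]
        entry.last_access = self.now
        if entry.encrypted:
            entry.hits += 1
            self.block_decrypts += 1   # only the requested block is decrypted
            if entry.hits >= self.pdt: # page is hot again: decrypt all of it
                entry.encrypted, entry.hits = False, 0
        if self.now % self.si == 0:
            self._scan()

    def _scan(self):
        """Every SI accesses, encrypt plaintext pages idle for >= PIT intervals."""
        for entry in self.pst:
            idle_intervals = (self.now - entry.last_access) // self.si
            if not entry.encrypted and idle_intervals >= self.pit:
                entry.encrypted, entry.hits = True, 0
                self.page_encrypts += 1

    def encrypted_fraction(self):
        return sum(e.encrypted for e in self.pst) / len(self.pst)

    def power_down(self):
        """Encrypt whatever is still plaintext; return how many pages that was."""
        pending = [e for e in self.pst if not e.encrypted]
        for entry in pending:
            entry.encrypted = True
        return len(pending)

def run_trace():
    """Constructed trace: 8 hot pages, plus one cold page touched every 500 accesses."""
    ipp = InertPagePredictor(n_pages=64)
    for t in range(1, 2001):
        ipp.access(40 if t % 500 == 0 else t % 8)
    fraction = ipp.encrypted_fraction()
    return fraction, ipp.block_decrypts, ipp.page_encrypts, ipp.power_down()
```

The value returned by `power_down()` is the number of pages still in plaintext, which is what bounds the vulnerability window when power is removed.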
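The search-based correction that IVEC performs when integrity verification fails can be shown in a few functions; this is an added example, not the IVEC hardware algorithm. It assumes a truncated HMAC-SHA256 in place of GMAC, a hypothetical parity layout (the XOR of the block's eight 64-bit words), and that the stored MAC and parity are themselves intact.

```python
import hashlib
import hmac

WORD = 8                          # bytes per 64-bit memory word (assumed DRAM width)
KEY = b"constructed-demo-key"     # constructed key; a real design keeps it on-chip

def mac(block):
    """Truncated HMAC-SHA256 as a stand-in for the GMAC used by the baseline."""
    return hmac.new(KEY, block, hashlib.sha256).digest()[:8]

def parity(block):
    """XOR of all 64-bit words: one parity word per block (hypothetical layout)."""
    p = 0
    for off in range(0, len(block), WORD):
        p ^= int.from_bytes(block[off:off + WORD], "big")
    return p

def flip(block, word, pattern):
    """Return a copy of block with `pattern` XORed into the given word."""
    off = word * WORD
    fixed = int.from_bytes(block[off:off + WORD], "big") ^ pattern
    return block[:off] + fixed.to_bytes(WORD, "big") + block[off + WORD:]

def correct_blind(block, good_mac):
    """No parity: try every single-bit flip until the MAC verifies."""
    tries = 0
    for word in range(len(block) // WORD):
        for bit in range(WORD * 8):
            tries += 1
            cand = flip(block, word, 1 << bit)
            if hmac.compare_digest(mac(cand), good_mac):
                return cand, tries
    return None, tries

def correct_with_parity(block, good_mac, good_parity):
    """Errors confined to one word: the parity syndrome is the error pattern,
    so only the word index has to be searched."""
    syndrome = parity(block) ^ good_parity
    tries = 0
    for word in range(len(block) // WORD):
        tries += 1
        cand = flip(block, word, syndrome)
        if hmac.compare_digest(mac(cand), good_mac):
            return cand, tries
    return None, tries             # outside the fault model: report integrity failure

def demo():
    good = bytes(range(64))        # constructed 64-byte memory block
    tag, par = mac(good), parity(good)
    single = flip(good, 5, 1 << 3)                     # one flipped bit
    burst = flip(good, 2, 0b1011)                      # three bits, same word
    spread = flip(flip(good, 1, 0x1), 6, 0x100)        # two words hit
    return {
        "blind_single": correct_blind(single, tag),
        "parity_single": correct_with_parity(single, tag, par),
        "parity_burst": correct_with_parity(burst, tag, par),
        "parity_spread": correct_with_parity(spread, tag, par),
    }
```

The last case shows the bound on the search: a corruption that does not fit the assumed fault model is not "corrected" into something else, it is reported as an integrity failure.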

RESULTS

Security Refresh

Given a 1GB PCM bank with 512 sub-regions at the inner level, the two-level security refresh can endure more than 5 years with a 256B memory block using 128 and 64 writes for the outer- and inner-level refresh intervals. Pinpoint attacks were used to understand the wear-out distribution under Security Refresh: as the number of pinpoint writes to the same location increased, the technique distributed the data placement more uniformly, improving durability. Analysis of the performance impact of Security Refresh showed that with normal applications (SPEC2006), the average IPC degradation is below 1.2% [2].

i-NVMM

This technique, used with pre-decryption, incurs an average performance overhead of only 5.1%, while 78% of the main memory is always encrypted, leaving only a small fraction for encryption on power-down. The optimum page decryption threshold (PDT) is 500 accesses, and the average increase in the number of writes for PDT 500 is 2.7%. It takes 5 seconds to encrypt the entire main memory on power-down, matching the vulnerability window of DRAM. Overall, i-NVMM incurs an average energy overhead of 5.1%.

IVEC

IVEC can handle multi-bit errors with no more than 4096 searches for the MCME model and with no more than 64 searches for all three other fault models (single-bit error [SBE], single-chip single-error [SCSE], and single-chip multi-error [SCME]), if the parity bits are two times the DRAM width. IVEC without parity saves 12.1% of memory compared to IV+ECC (integrity verification plus error correcting codes). The performance overhead of IVEC increases with smaller parity cache sizes, and as the number of parity bits increases, the overhead of bandwidth traffic increases accordingly [3].

CONCLUSION

While all three techniques presented in this paper address security vulnerabilities of the main memory in computing systems, they address different types of security vulnerability. i-NVMM and Security Refresh address security vulnerabilities of Phase Change Memory, which has been predicted to dominate as the main memory baseline technology in the near future, while IVEC addresses the security vulnerabilities of off-chip DRAM memory, reducing the dependence of off-chip memory integrity verification on secure on-chip memory (the secure processor). In addressing the security vulnerabilities of PCM, Security Refresh addresses the limited write endurance of PCM under deliberate malicious attacks intended to fail the PCM, extending the lifetime of an average PCM to more than six years under the worst malicious attack. i-NVMM addresses the data lingering issue, a form of data remanence vulnerability in PCM, by encrypting different data at different times based on its ability to predict whether the data is still useful to the processor; this makes the vulnerability window at system shutdown comparable to that of DRAM while still incurring very little performance overhead. IVEC differs from the other two techniques in that it only unifies integrity verification with error correction schemes, by extending existing integrity verification techniques to handle error correction. IVEC can therefore best be understood as an improvement of an existing integrity verification technique that minimizes hardware overhead and improves the overall performance of off-chip memory protection, resulting in better security and reliability.

REFERENCES

[1] S. Chhabra and Y. Solihin. i-NVMM: A Secure Non-Volatile Main Memory System with Incremental Encryption. In Proceedings of the 38th International Symposium on Computer Architecture, San Jose, California, 2011. ACM.
[2] N. H. Seong, D. H. Woo, and H. S. Lee. Security Refresh: Prevent Malicious Wear-Out and Increase Durability for Phase-Change Memory with Dynamically Randomized Address Mapping. In Proceedings of the 37th International Symposium on Computer Architecture, Saint-Malo, France, 2010. ACM.
[3] R. Huang and G. Edward Suh. IVEC: Off-Chip Memory Integrity Protection for Both Security and Reliability. In Proceedings of the 37th International Symposium on Computer Architecture, Saint-Malo, France, 2010. ACM.