Technology Profile

Secure Non-Volatile Memory System

Description

Abstract

Researchers at the University of Central Florida have designed a hardware-only system that can recover integrity-protected non-volatile memories (NVMs) faster and more cost-efficiently than other memory recovery/controller technologies. Called Anubis, the UCF ultra-low overhead and recovery time device seamlessly integrates with secure and integrity-protected systems to recover NVMs and resolve inconsistencies between both data and metadata after a cache miss (power loss or system crash). Other technologies lack this fast, comprehensive approach to NVM recovery.

Existing controller technologies require several hours and high overhead to recover and verify NVMs secured by integrity schemes such as non-parallelizable Merkle trees or parallelizable ones (similar to complicated Intel^® SGX-style trees). In contrast, UCF's Anubis system can speed the recovery time of secure NVMs by almost 10^⁷ (for example, from 8 hours down to 0.03 second) using less overhead. More importantly, Anubis provides added security and recoverability by persistently tracking data and metadata. This enables the system to quickly evaluate/rebuild multiple levels of a tree or interlevel dependent trees whenever a cache miss occurs.

Technical Details

The invention is a memory system comprising a memory controller and an integrity-protected NVM device that contains a shadow tracker region. In one example application of the system, the memory controller persistently tracks the addresses of Merkle tree counter and memory blocks in the secure metadata cache. To do this, the controller accesses a shadow counter table and a shadow Merkle tree table within the shadow tracker region of the NVM. Since the addresses only change when a cache miss occurs, the overhead required to track them in memory is minimal. Therefore, the system only has to rebuild the affected parts of the secure metadata cache associated with the persistent addresses in the NVM device. Anubis removes the memory size barrier in recovery time and makes the recovery time a function of counter cache and Merkle tree cache size. An evaluation of performance overhead shows that, on average, Anubis reduces the performance overhead from 63 percent to approximately 3.4 percent.

Benefit

Low cost

Significantly reduces overhead and provides near-zero recovery time

Can be seamlessly integrated into secure and integrity-protected systems, including Intel? SGX

Requires only minor changes in the memory controller

Market Application

Data servers

Processors in high-availability servers

Publications

Anubis: Ultra-Low Overhead and Recovery Time for Secure Non-Volatile Memories

Proceedings of the 46th International Symposium on Computer Architecture, ISCA ’19, June 22–26, 2019, Phoenix, AZ, USA. Association for Computing Machinery

Computer Engineering Researcher Focuses on Designing Secure Architectures

Brochure

Research Terms

Computer Storage Devices Computer Security Computer Technology Engineering Physical Sciences Electronic Equipment and Devices

Researchers

Contact Information

Raju Nagaiah

raju@ucf.edu

(407) 882-0593

Websites

Tech Transfer Office