Defending Against Attacks on Main Memory Persistence

PDF
2.1MB

William Enck
The Pennsylvania State University
United States

Kevin Butler
The Pennsylvania State University
United States

Thomas Richardson
The Pennsylvania State University
United States

Patrick McDaniel
The Pennsylvania State University
United States

Adam Smith
The Pennsylvania State University
United States

Abstract:
Main memory contains transient information for all resident
applications. However, if memory chip contents survives power-off, e.g.,
via freezing DRAM chips, sensitive data such as passwords and keys can
be extracted. Main memory persistence will soon be the norm as recent
advancements in MRAM and FeRAM position non-volatile memory technologies
for widespread deployment in laptop, desktop, and embedded system main
memory. Unfortunately, the same properties that provide energy
efficiency, tolerance against power failure, and ``instant-on'' power-up
also subject systems to offline memory scanning. In this paper, we
propose a {\em Memory Encryption Control Unit} (MECU) that provides
memory confidentiality during system suspend and across reboots. The
MECU encrypts all memory transfers between the processor-local level 2
cache and main memory to ensure plaintext data is never written to the
persistent medium. The MECU design is outlined and performance and
security trade-offs considered. We evaluate a MECU-enhanced
architecture using the SimpleScalar hardware simulation framework on
several hardware benchmarks. This analysis shows the majority of memory
accesses are delayed by less than 1 ns, with higher access latencies
(caused by resume state reconstruction) subsiding within 0.25 seconds of
a system resume. In effect, the MECU provides zero-cost steady state
memory confidentiality for non-volatile main memory.