Low-cost, hardware-only memory controller system enables quick recovery and verification of Merkle tree- and Intel® SGX-protected non-volatile memories (NVMs).
Researchers at the University of Central Florida have designed a hardware-only system that can recover integrity-protected non-volatile memories (NVMs) faster and more cost-efficiently than other memory recovery/controller technologies. Called Anubis, the UCF ultra-low overhead and recovery time device integrates seamlessly with secure and integrity-protected systems to recover NVMs and resolve inconsistencies between data and security metadata after a crash (power loss or system failure). Other technologies lack this fast, comprehensive approach to NVM recovery.
Since NVM-equipped systems retain data long after losing power, their security metadata, as well as the data itself, must be safeguarded and quickly recoverable. Unfortunately, existing controller technologies require several hours and high overhead to recover and verify NVMs secured by integrity schemes such as non-parallelizable Merkle trees or parallelizable ones (similar to the more complex Intel® SGX-style trees). In contrast, UCF's Anubis system can speed up the recovery of secure NVMs by almost 10^7 (for example, from 8 hours down to 0.03 second) with less overhead. More importantly, Anubis provides added security and recoverability by persistently tracking which data and metadata are in flight. This enables the system to quickly re-evaluate and rebuild multiple levels of a tree, or of inter-level dependent trees, after a crash. In effect, Anubis bridges the gap between recoverability and high performance in secure NVMs.
The invention is a memory system comprising a memory controller and an integrity-protected NVM device that contains a shadow tracker region. In one example application of the system, the memory controller persistently tracks the addresses of the counter blocks and Merkle tree blocks held in the secure metadata cache. To do this, the controller writes to a shadow counter table and a shadow Merkle tree table within the shadow tracker region of the NVM. Since these addresses only change when a cache miss brings a new block into the cache, the overhead of tracking them in memory is minimal. After a crash, the system therefore only has to rebuild the parts of the security metadata whose addresses were persisted in the NVM device. Anubis removes the memory size barrier in recovery time and makes recovery time a function of counter cache and Merkle tree cache size.
Anubis's recovery time is a function of the security metadata cache size and does not grow linearly with memory size as in other schemes. An evaluation of performance overhead shows that, on average, Anubis reduces the performance overhead from 63 percent to approximately 3.4 percent. Most importantly, Anubis achieves a recovery time of 0.03 second. In comparison, an existing state-of-the-art technology requires an average of 7.8 hours for eight terabytes to recover both the encryption counters and the Merkle tree.
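The following is an added, self-contained model of the shadow tracker idea described above; it is illustrative code written for this page, not UCF's or the Anubis project's own implementation. It assumes a toy 8-block memory, a binary Merkle tree over per-block encryption counters, a write-back metadata cache, a root kept in an on-chip persistent register, and a shadow tracker region represented simply as a set of node addresses (all of these are modelling assumptions, not the patented layout). The model shows the invariant that makes recovery cheap: every tree node modified since its last write-back is in the cache, hence in the tracker, so after a crash only tracked nodes are recomputed and the result is checked against the persistent root.

```python
import hashlib

NUM_BLOCKS = 8                              # constructed toy size: 8 data blocks
LEVELS = NUM_BLOCKS.bit_length() - 1        # 3 levels above the leaves; root is (LEVELS, 0)


def node_hash(*parts: bytes) -> bytes:
    """SHA-256 over the concatenated parts; stands in for the tree's real hash/MAC."""
    return hashlib.sha256(b"".join(parts)).digest()


class AnubisSim:
    """Toy write-back Merkle tree over per-block counters with an Anubis-style
    shadow tracker (assumed layout: a set of node addresses persisted in NVM)."""

    def __init__(self):
        # Persistent state: survives a crash.
        self.nvm_counters = [0] * NUM_BLOCKS    # encryption counters, assumed persisted with the data
        self.nvm_tree = {}                      # (level, idx) -> hash; write-back copy, may be stale
        self.shadow_tracker = set()             # addresses of tree nodes held in the metadata cache
        # Volatile state: lost on a crash.
        self.cache = {}                         # metadata cache: (level, idx) -> current hash
        # Build the initial tree and persist it so every NVM copy starts out current.
        for level in range(LEVELS + 1):
            for idx in range(NUM_BLOCKS >> level):
                self.nvm_tree[(level, idx)] = self._compute((level, idx), self._read_nvm)
        self.root_register = self.nvm_tree[(LEVELS, 0)]   # on-chip persistent root

    def _compute(self, addr, read):
        level, idx = addr
        if level == 0:   # leaf: hash the block index together with its counter
            return node_hash(idx.to_bytes(4, "big"), self.nvm_counters[idx].to_bytes(8, "big"))
        left, right = (level - 1, 2 * idx), (level - 1, 2 * idx + 1)
        return node_hash(read(left), read(right))

    def _read_nvm(self, addr):
        return self.nvm_tree[addr]

    def _read_cached(self, addr):
        # A cache hit returns the current value; otherwise the NVM copy, which
        # is current precisely because the node is not sitting in the cache.
        return self.cache.get(addr, self.nvm_tree[addr])

    def write_block(self, block):
        """Persist a counter bump and update the leaf-to-root path in the cache only."""
        self.nvm_counters[block] += 1
        idx = block
        for level in range(LEVELS + 1):
            addr = (level, idx)
            if addr not in self.cache:
                # Cache miss: the only moment the shadow tracker is written, so
                # tracking costs one small NVM write per newly cached node.
                self.shadow_tracker.add(addr)
            self.cache[addr] = self._compute(addr, self._read_cached)
            idx //= 2
        self.root_register = self.cache[(LEVELS, 0)]

    def writeback(self, addr):
        """Evict one node: its NVM copy becomes current and it leaves the tracker."""
        self.nvm_tree[addr] = self.cache.pop(addr)
        self.shadow_tracker.discard(addr)

    def crash(self):
        self.cache.clear()      # NVM contents, shadow tracker and root register survive

    def recover(self):
        """Rebuild only the tracked nodes, children before parents, then check the root."""
        rebuilt = 0
        for addr in sorted(self.shadow_tracker):    # (level, idx) order: lower levels first
            self.nvm_tree[addr] = self._compute(addr, self._read_nvm)
            rebuilt += 1
        if self.nvm_tree[(LEVELS, 0)] != self.root_register:
            raise RuntimeError("recovered tree does not match the persistent root")
        self.shadow_tracker.clear()
        return rebuilt

    def full_rebuild_cost(self):
        return 2 * NUM_BLOCKS - 1    # nodes a scheme without the tracker must rehash

    def verify_all(self):
        """Independent check: recompute the whole tree from the counters and compare."""
        return (all(self.nvm_tree[a] == self._compute(a, self._read_nvm) for a in self.nvm_tree)
                and self.nvm_tree[(LEVELS, 0)] == self.root_register)


if __name__ == "__main__":
    sim = AnubisSim()
    for b in (3, 3, 5):
        sim.write_block(b)
    sim.crash()
    print("rebuilt", sim.recover(), "of", sim.full_rebuild_cost(), "nodes; consistent:", sim.verify_all())
```

Two paths (blocks 3 and 5) share the root, so the tracker holds 7 of the 15 nodes and recovery rehashes only those; with a real multi-terabyte tree the untracked majority stays untouched, which is the "recovery time scales with cache size, not memory size" property claimed above. If a counter in NVM is corrupted between the crash and recovery, the rebuilt root no longer matches the persistent root register and `recover()` refuses to accept the tree.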
- Low cost
- Significantly reduces overhead and provides near-zero recovery time
- Can be seamlessly integrated into secure and integrity-protected systems, including Intel® SGX
- Requires only minor changes in the memory controller
- Data servers
- Processors in high-availability servers