Secure Non-Volatile Memory System Offers Ultra-Low Recovery Time, Overhead

Technology #34136

Questions about this technology? Ask a Technology Manager

Download Printable PDF

Image Gallery
In the example operation, Anubis acts whenever metadata changes occur in the Counter Cache (3) or the Merkle Tree Cache (4). The operation reduces the need for extra updates to the shadow counter and shadow Merkle tree tables (SCT and SMT). It also lowers the overhead significantly without hurting recoverability.
Kazi Abu Zubair
Amro Awad, Ph.D.
External Link (
Managed By
Raju Nagaiah
Research Associate 407.882.0593
Patent Protection

Provisional Patent Application Filed
Anubis: Ultra-Low Overhead and Recovery Time for Secure Non-Volatile Memories
Proceedings of the 46th International Symposium on Computer Architecture, ISCA ’19, June 22–26, 2019, Phoenix, AZ, USA. Association for Computing Machinery

Low-cost, hardware-only memory controller system enables quick recovery and verification of Merkle tree- and Intel® SGX-protected non-volatile memories (NVMs).

Researchers at the University of Central Florida have designed a hardware-only system that can recover integrity-protected non-volatile memories (NVMs) faster and more cost-efficiently than other memory recovery/controller technologies. Called Anubis, the UCF ultra-low overhead and recovery time device seamlessly integrates with secure and integrity-protected systems to recover NVMs and resolve inconsistencies between both data and metadata after a cache miss (power loss or system crash). Other technologies lack this fast, comprehensive approach to NVM recovery.

Since NVM-equipped systems can retain data long after losing power, their security metadata, as well as actual data, must be safeguarded and quickly recoverable. Unfortunately, existing controller technologies require several hours and high overhead to recover and verify NVMs secured by integrity schemes such as non-parallelizable Merkle trees or parallelizable ones (similar to complicated Intel® SGX-style trees). In contrast, UCF’s Anubis system can speed the recovery time of secure NVMs by almost 107 (for example, from 8 hours down to 0.03 second) using less overhead. More importantly, Anubis provides added security and recoverability by persistently tracking data and metadata. This enables the system to quickly evaluate/rebuild multiple levels of a tree or interlevel dependent trees whenever a cache miss occurs. In effect, Anubis bridges the gap between recoverability and high performance in secure NVMs.

Technical Details

The invention is a memory system comprising a memory controller and an integrity-protected NVM device that contains a shadow tracker region. In one example application of the system, the memory controller persistently tracks the addresses of Merkle tree counter and memory blocks in the secure metadata cache. To do this, the controller accesses a shadow counter table and a shadow Merkle tree table within the shadow tracker region of the NVM. Since the addresses only change when a cache miss occurs, the overhead required to track them in memory is minimal. Therefore, the system only has to rebuild the affected parts of the secure metadata cache associated with the persistent addresses in the NVM device. Anubis removes the memory size barrier in recovery time and makes the recovery time a function of counter cache and Merkle tree cache size.

Anubis’s recovery time is a function of the security metadata cache size and does not increase linearly with memory size as in other schemes. An evaluation of performance overhead shows that, on average, Anubis reduces the performance overhead from 63 percent to approximately 3.4 percent. Most importantly, Anubis achieves a recovery time of 0.03 second. In comparison, an existing state-of-the-art technology requires an average of 7.8 hours for eight terabytes to recover both encryption counters and the Merkle Tree.


  • Low cost
  • Significantly reduces overhead and provides near-zero recovery time
  • Can be seamlessly integrated into secure and integrity-protected systems, including Intel® SGX
  • Requires only minor changes in the memory controller


  • Data servers
  • Processors in high-availability servers