ACME: Advanced Counter Mode Encryption for Secure Non-Volatile Memories
Modern computing systems that integrate emerging non-volatile memories (NVMs) are vulnerable to classical security threats to data confidentiality (e.g., stolen DIMM and bus snooping attacks) as well as new security threats to system availability (e.g., denial of memory service (DoMS) attacks). Alth...
Published in | 2018 55th ACM/ESDA/IEEE Design Automation Conference (DAC), pp. 1-6 |
---|---|
Main Authors | Swami, Shivam; Mohanram, Kartik |
Format | Conference Proceeding |
Language | English |
Published | IEEE, 01.06.2018 |
DOI | 10.1109/DAC.2018.8465906 |
Abstract | Modern computing systems that integrate emerging non-volatile memories (NVMs) are vulnerable to classical security threats to data confidentiality (e.g., stolen DIMM and bus snooping attacks) as well as new security threats to system availability (e.g., denial of memory service (DoMS) attacks). Although counter mode encryption (CME) secures NVM-based main memories against confidentiality attacks, counter sizing is critical to balance tradeoffs between memory overhead, system performance, and re-encryption frequency (i.e., system availability). Furthermore, CME is particularly vulnerable to DoMS attacks, where a malicious application can severely impact memory availability by forcing frequent full memory re-encryption. This paper proposes Advanced Counter Mode Encryption, i.e., ACME, a low overhead CME-based main memory encryption solution to realize the twin security goals of confidentiality and availability in NVM-based main memories. At its core, ACME integrates counter write leveling (CWL) to reduce the frequency of full memory re-encryption while preserving the security properties of the underlying CME. Our evaluations on a phase change memory (PCM) architecture using SPEC CPU2006 benchmarks show that for a system availability of 99.999%, ACME not only requires 50% lower counter overhead, but also improves system performance by 20% in comparison to classical CME. When subject to a DoMS attack in the form of an unprivileged Linux process that sidesteps all levels of cache to constantly write to the same memory address to precipitate counter overflow, the ACME-based system provides 99.9% system availability in contrast to a classical CME-based system that is rendered non-operational. |
---|---|
Author | Mohanram, Kartik; Swami, Shivam |
Author_xml | 1. Swami, Shivam (Department of Electrical and Computer Engineering, University of Pittsburgh, PA); 2. Mohanram, Kartik (Department of Electrical and Computer Engineering, University of Pittsburgh, PA) |
ContentType | Conference Proceeding |
EISBN | 1538641143; 9781538641149 |
EndPage | 6 |
ExternalDocumentID | 8465906 |
Genre | orig-research |
IsPeerReviewed | false |
IsScholarly | false |
Language | English |
PublicationCentury | 2000 |
PublicationDate | 2018-June |
PublicationTitle | 2018 55th ACM/ESDA/IEEE Design Automation Conference (DAC) |
PublicationTitleAbbrev | DAC |
PublicationYear | 2018 |
Publisher | IEEE |
StartPage | 1 |
SubjectTerms | Benchmark testing; Counter Mode Encryption; Denial of Memory Service; Encryption; Memory management; Non-volatile Memories; Nonvolatile memory; Phase Change Memory; Random access memory; System-on-chip |
Title | ACME: Advanced Counter Mode Encryption for Secure Non-Volatile Memories |
URI | https://ieeexplore.ieee.org/document/8465906 |