Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

Anchor: Architecture for Secure Non-Volatile Memories

Swami, Shivam (2018) Anchor: Architecture for Secure Non-Volatile Memories. Doctoral Dissertation, University of Pittsburgh. (Unpublished)

Download (13MB) | Preview


The rapid growth of memory-intensive applications like cloud computing, deep learning, bioinformatics, etc., have propelled memory industry to develop scalable, high density, low power non-volatile memory (NVM) technologies; however, computing systems that integrate these advanced NVMs are vulnerable to several security attacks that threaten (i) data confidentiality, (ii) data availability, and (iii) data integrity. This dissertation presents ANCHOR, which integrates 4 low overhead, high performance security solutions SECRET, COVERT, ACME, and STASH to thwart these attacks on NVM systems.

SECRET is a low cost security solution for data confidentiality in multi-/triple-level cell (i.e., MLC/TLC) NVMs. SECRET synergistically combines (i) smart encryption, which prevents re-encryption of unmodified or zero-words during a write-back with (ii) XOR-based energy masking, which further optimizes NVM writes by transforming a high-energy ciphertext into a low-energy ciphertext. SECRET outperforms state-of-the-art encryption solutions, with the lowest write energy and latency, as well as the highest lifetime.
COVERT and ACME complement SECRET to improve system availability of counter mode encryption (CME). COVERT repurposes unused error correction resources to dynamically extend time to counter overflow of fast growing counters, thereby delaying frequent full memory re-encryption (system freeze). ACME performs counter write leveling (CWL) to further increase time to counter overflow, and thereby delays the time to full memory re-encryption. COVERT+ACME achieves system availability of 99.999% during normal operation and 99.9% under a denial of memory service (DoMS) attack. In contrast, conventional CME achieves system availability of only 85.71% during normal operation and is rendered non-operational under a DoMS attack. Finally, STASH is a comprehensive end-to-end security architecture for state-of-the-art smart hybrid memories (SHMs) that employ a smart DRAM cache with smart NVM-based main memory. STASH integrates (i) CME for data confidentiality, (ii) page-level Merkle Tree authentication for data integrity, (iii) recovery-compatible MT updates to withstand power/system failures, and (iv) page-migration friendly security meta-data management. For security guarantees equivalent to state-of-the-art, STASH reduces memory overhead by 12.7x, improves system performance by 65%, and increases NVM lifetime by 5x.

This dissertation thus addresses the core security challenges of next-generation NVM-based memory systems. Directions for future research include (i) exploration of holistic architectures that ensure both security and reliability of smart memory systems, (ii) investigating applications of ANCHOR to reduce security overhead of Internet-of-Things, and (iii) extending ANCHOR to safeguard emerging non-volatile processors, especially in the light of advanced attacks like Spectre and Meltdown.


Social Networking:
Share |


Item Type: University of Pittsburgh ETD
Status: Unpublished
CreatorsEmailPitt UsernameORCID
Swami, Shivamshs173@pitt.edushs1730000-0002-1915-2763
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Committee ChairMohanram, Kartikkmram@pitt.edukmram
Committee MemberYang,
Committee MemberZhi-Hong,
Committee MemberMiskov-Zivanov,
Committee MemberMelhem,
Committee MemberChen, Yiran
Date: 25 September 2018
Date Type: Publication
Defense Date: 12 June 2018
Approval Date: 25 September 2018
Submission Date: 19 June 2018
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 99
Institution: University of Pittsburgh
Schools and Programs: Swanson School of Engineering > Electrical Engineering
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: Security in hardware, Hardware attacks and countermeasures, Side channel attacks
Date Deposited: 25 Sep 2018 16:00
Last Modified: 25 Sep 2018 16:00


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item