ASSET: Architectures for Smart Security of Non-Volatile Memories

Abstract

Computing systems that integrate advanced non-volatile memories (NVMs) are vulnerable to several security attacks that threaten (i) data confidentiality, (ii) data availability, and (iii) data integrity. This paper proposes Architectures for Smart Security of NVMs (AS-SET), which integrates five low overhead, high performance security solutions—SECRET [1], COVERT [2], ACME [3], ARSE-NAL [4], and STASH [5]—to thwart these attacks on NVM systems. SECRET is a low cost security solution that employs counter mode encryption (CME) for data confidentiality in multi-/triple-level cell (i.e., MLC/TLC) NVMs. COVERT and ACME complement SECRET to improve system availability of CME. ARSENAL integrates CME and Bonsai Merkle Tree (BMT) authentication to thwart data confidentiality and integrity attacks, respectively, in NVMs and simultaneously enables instant data recovery (IDR) on power/system failures. Finally, STASH is the first comprehensive end-to-end security architecture for state-of-the-art smart hybrid memories (SHMs). STASH integrates (i) CME for data confidentiality, (ii) page-level MT authentication for data integrity, (iii) recovery-compatible MT updates to withstand power or system failures, and (iv) page-migration friendly security meta-data management. This paper thus addresses the core security challenges of next-generation NVM systems.