Pagevault: securing off-chip memory using page-based authentication

Blaise Tine, S. Yalamanchili
International Symposium on Memory Systems, published 2017-10-02. DOI: 10.1145/3132402.3132439 (https://doi.org/10.1145/3132402.3132439)
Citations: 1

Abstract

Security remains an essential requirement for computing systems today. With the advent of cloud computing, new online services have emerged that deal with sensitive content, e.g. stock trading, banking, medical, legal, etc., making security a crucial necessity. The unique threat model of cloud computing comes from the realization that consumers do not have direct access to the computing resources, placing their data in an untrusted environment. Hardware security protects computing resources by providing data confidentiality and data integrity. Memory attacks represent the most common hardware attacks and, as a result, have been studied extensively during the past decade. All current state-of-the-art memory protection schemes encrypt user data blocks on the host processor before sending them to off-chip memory. The integrity test is done using a message authentication code (MAC), stored in memory as meta-data to save space on the host processor. This meta-data not only increases the memory traffic but also occupies a significant portion of the memory space that could have been used by the application. We present a new memory protection scheme, a page-based authentication algorithm which is based on Aggregate Message Authentication Code (AMAC [10]). Our scheme uses AMAC to compress the MAC of multiple memory blocks, reducing the meta-data overhead and saving a significant amount of memory space. Our analysis targets high-capacity memory systems where the meta-data overhead is significant. With the same amount of on-chip cache, protecting 8 GB of memory using our scheme only necessitates 8% of off-chip meta-data, compared to 23% in prior work, and this saving comes with up to 12% improvement in IPC performance.