Securing Non-Volatile Main Memory

Non-volatile memories provide energy efficiency, tolerance against power failure, and “instant-on” power-up. These memories are likely to replace traditional volatile memory in next-generation laptops and desktops. However, the move to non-volatile memory introduces new vulnerabilities; sensitive data such as passwords and keys residing in main memory persists across reboots and can be probed during hardware suspension. In this paper, we propose a Memory Encryption Control Unit (MECU) to address the vulnerabilities introduced by non-volatile memories. The MECU encrypts all memory transfers between the level 2 cache and main memory. The keys used to encrypt memory blocks are derived from secret information present on removable authentication tokens, e.g., smart card, or other similar secure storage devices. This provides protection against physical attacks in absence of the token. A MECU design is outlined and performance, memory, and security trade-offs considered. We evaluate a MECU-enhanced architecture using the SimpleScalar hardware simulation framework on several hardware benchmarks. The performance analysis shows that we can secure non-volatile memories with minimal overhead—the majority of memory accesses are delayed by less than 1 ns, with limited degradation subsiding within 67 μs of a system resume. In effect, we provide zero-cost steady state confidentiality for main memory.