supermem enabling application transparent secure
play

SuperMem: Enabling Application- transparent Secure Persistent Memory - PowerPoint PPT Presentation

Apr 15, 2023 •148 likes •494 views

SuperMem: Enabling Application- transparent Secure Persistent Memory with Low Overheads Pengfei Zuo 1,2 , Yu Hua 1 , Yuan Xie 2 1 Huazhong University of Science and Technology, China 2 University of California at Santa Barbara, USA 52nd IEEE/ACM

  1. SuperMem: Enabling Application- transparent Secure Persistent Memory with Low Overheads Pengfei Zuo 1,2 , Yu Hua 1 , Yuan Xie 2 1 Huazhong University of Science and Technology, China 2 University of California at Santa Barbara, USA 52nd IEEE/ACM International Symposium on Microarchitecture ( MICRO ), 2019

  2. Images from Internet DRAM � Persistent Memory Low power Low power 2

  3. Two Key Challenges for Persistent Memory Persistence Security Core username, Cache password Volatile: Inconsistency Non-volatile: Persistent Memory Persistent Memory Gap between persistence and security: � Clflush, mfence & logging for crash consistency � Memory encryption for data security Encryption incurs new inconsistency problem 3

  4. Counter Mode Encryption Write Write Counter Data CPU Cache Counter Cache Back Back AES Engine XOR One-time pad Encrypted Data 4

  5. Counter Mode Encryption Write Write CPU Cache Counter Cache Back Back Updated Encrypted Counter Data 5

  6. Crash Inconsistency Caused by Encryption Write Write CPU Cache Counter Cache Back Back Updated Encrypted Counter Data � Data and counter cannot reach NVM at the same time 6

  7. Crash Inconsistency Caused by Encryption Write Write CPU Cache Counter Cache Back Back Updated Encrypted CASE 1: Counter Data � Data and counter cannot reach NVM at the same time 7

  8. Crash Inconsistency Caused by Encryption Write Write CPU Cache Counter Cache Back Back Updated Encrypted CASE 2: Counter Data � Data and counter cannot reach NVM at the same time 8

  9. Crash Inconsistency Caused by Encryption Clflush Write Write CPU Cache Counter Cache Back Back Updated Encrypted Counter Data � Data and counter cannot reach NVM at the same time � Clflush and mfence cannot operate the counter cache 9

  10. Existing Solutions (Write-back Counter Cache) Large Battery Backup Software-level Modification Error Correction [Awad et al., ASPLOS’16] [Liu et al., HPCA’18] [Ye et al., MICRO’18] [Zuo et al., MICRO’18] New programming primitives • counter_cache_writeback() Check CPU Counter • CounterAtomic Cache Cache App Battery Unencrypted Encrypted Expensive Portability limitation Long recovery time 10

  11. SuperMem: Secure and Persistent Memory � Exploit a write-through counter cache – No large battery backup – No software-level modifications – No need to correct counters – Double writes � A counter write coalescing scheme – Reduce the number of write requests � A cross-bank counter storage scheme Asynchronous DRAM refresh (ADR): – Speedup memory writes cache lines reaching the write queue can be considered durable. 11

  12. SuperMem: Secure and Persistent Memory Application-transparent Write-through counter cache ( Guarantee consistency ) Counter write coalescing ( Reduce writes ) Cross-bank counter storage Asynchronous DRAM refresh (ADR): ( Speedup writes ) cache lines reaching the write queue can be considered durable. 12

  13. SuperMem: Secure and Persistent Memory Write-through counter cache ( Guarantee consistency ) Counter write coalescing ( Reduce writes ) Cross-bank counter storage Asynchronous DRAM refresh (ADR): ( Speedup writes ) cache lines reaching the write queue can be considered durable. 13

  14. Write-through Counter Cache � Ensure that data and its counter reach the write queue in the same time – Write through counter cache Flu(A) Ret(A) CPU Ack(A) Memory Ctrl Read(Ac) Ac++ Enc(A) App(Ac) App(A) Write Queue 14

  15. Write-through Counter Cache � Ensure that data and its counter reach the write queue in the same time – Write through counter cache – Add a register Flu(A) Ret(A) CPU Read(Ac) Ac++ Enc(A) Memory Ctrl Ack(A) Write Queue App(Ac+A) Sto(Ac) Sto(A) Register 15

  16. SuperMem: Secure and Persistent Memory Write-through counter cache ( Guarantee consistency ) Counter write coalescing ( Reduce writes ) Cross-bank counter storage Asynchronous DRAM refresh (ADR): ( Speedup writes ) cache lines reaching the write queue can be considered durable. 16

  17. Cross-bank Counter Storage � SingleBank: Counters are stored in a continuous area in NVM [ASPLOS’15, ASPLOS’16, HPCA’18] Data 0 Data 1 Data 2 Ctr 0, Ctr 1, Ctr 2 Bank ID: 0 1 2 3 4 5 6 7 Data Area Bottleneck Ctr Area 17

  18. Cross-bank Counter Storage � SameBank: Stores the counters of data into their local banks 2X write latency Ctr 0, Data 0 Ctr 1, Data 1 Ctr 2, Data 2 Bank ID: 0 1 2 3 4 5 6 7 Data Area Ctr Area 0 1 2 3 4 5 6 7 18

  19. Cross-bank Counter Storage � XBank: Stores each data and its counter into different banks to leverage bank parallelism Data 0 Data 1 Data 2 Ctr 0 Ctr 1 Ctr 2 Bank ID: 0 1 2 3 4 5 6 7 Data Area Ctr Area 4 5 6 7 0 1 2 3 19

  20. SuperMem: Secure and Persistent Memory Write-through counter cache ( Guarantee consistency ) Counter write coalescing ( Reduce writes ) Cross-bank counter storage Asynchronous DRAM refresh (ADR): ( Speedup writes ) cache lines reaching the write queue can be considered durable. 20

  21. Locality-aware Counter Write Coalescing � Spatial locality of counter storage – All counters of a page are stored in a counter line … … … … A page: Line 1 Line 2 Line 3 Line 4 Line 64 (64 lines) … A counter line: M m 1 m 2 m 3 m 4 m 64 (64B) 21

  22. Locality-aware Counter Write Coalescing � Spatial locality of counter storage – All counters of a page are stored in a counter line … … … … A page: Line 1 Line 2 Line 3 Line 4 Line 64 (64 lines) A log entry or the transaction data � Spatial locality of log and data writes 22

  23. Locality-aware Counter Write Coalescing � An example of writing 4 lines within a page … … … … A page: Line 1 Line 2 Line 3 Line 4 Line 64 (64 lines) 23

  24. Locality-aware Counter Write Coalescing � An example of writing 4 lines within a page Cache A B C D Dc D Cc C Bc B Ac A Write Queue 24

  25. Locality-aware Counter Write Coalescing � An example of writing 4 lines within a page … Ac: ' M m 1 m 2 m 3 m 4 m 64 … ' m 2 Bc: ' M m 1 m 3 m 4 m 64 … ' m 2 ' m 3 Cc: ' M m 1 m 4 m 64 … ' m 2 ' m 3 ' m 4 Dc: ' M m 1 m 64 Dc D Cc C Bc B Ac A Write Queue 25

  26. Locality-aware Counter Write Coalescing � Coalescing counter writes in the write queue … Ac: ' M m 1 m 2 m 3 m 4 m 64 … ' m 2 Bc: ' M m 1 m 3 m 4 m 64 … ' m 2 ' m 3 Cc: ' M m 1 m 4 m 64 … ' m 2 ' m 3 ' m 4 Dc: ' M m 1 m 64 Dc D Cc C Bc B Ac A Write Queue 26

  27. Locality-aware Counter Write Coalescing (CWC) � Coalescing counter writes in the write queue With CWC Dc D C B A Without CWC Dc D Cc C Bc B Ac A Write Queue 27

  28. Performance Evaluation � Model NVM using gem5 and NVMain Comparisons Benchmarks Unsec: An un-encrypted NVM Array: Randomly swapping entries WB: An ideal write-back scheme Queue: Randomly enqueueing and dequeueing WT: A write-through scheme B-tree: Inserting random KVs WT+CWC: A write-through scheme with CWC Hash Table: Inserting random KVs WT+Xbank: A write-through RB-tree: Inserting random KVs scheme with XBank SuperMem 28

  29. Transaction Execution Latency – Single-core Normalized Execution Latency Unsec WB WT WT+CWC WT+XBank SuperMem Normalized Execution Latency Unsec WB WT WT+CWC WT+XBank SuperMem 2.0 2.0 WT+CWC 1.5 1.5 1.0 1.0 0.5 0.5 0.0 0.0 Array Queue B-tree Hash Table RB-tree Array Queue B-tree Hash Table RB-tree Transaction size: 256B Transaction size: 4KB � SuperMem achieves the performance comparable to a secure NVM with an ideal write-back cache (WB) 29

  30. Transaction Execution Latency – Multi-core Normalized Execution Latency Unsec WB WT WT+CWC WT+XBank SuperMem Normalized Execution Latency Unsec WB WT WT+CWC WT+XBank SuperMem 2.0 2.0 WT+XBank 1.5 1.5 1.0 1.0 0.5 0.5 0.0 0.0 Array Queue B-tree Hash Table RB-tree Array Queue B-tree Hash Table RB-tree 8 programs 2 programs � SuperMem achieves the performance comparable to a secure NVM with an ideal write-back cache (WB) 30

  31. The Number of Write Requests Unsec WB WT SuperMem Unsec WB WT SuperMem Unsec WB WT SuperMem Normalized # of Writes Normalized # of Writes Normalized # of Writes 2.0 2.0 2.0 1.5 1.5 1.5 1.0 1.0 1.0 0.5 0.5 0.5 0.0 0.0 0.0 y e e e e Array Queue B-tree Hash Table RB-tree Array Queue B-tree Hash Table RB-tree a l u e e b r e r r a r t t A u - - T B B Q R h s a H Transaction size: 256B Transaction size: 1KB Transaction size: 4KB � SuperMem reduces up to 50% of write requests by using the CWC scheme 31

  32. Conclusion Problem � Memory encryption incurs crash inconsistency issue Existing Work � Using a write-back counter cache � Large battery backup, software-level modification, or error correction Our Solution � SuperMem: exploit a write-through counter cache � Large battery backup, software-level modification, error correction � Counter write coalescing for reducing writes � Cross-bank counter storage for speeding up writes 32

  33. Thanks! Q&A

Recommend

Enabling Transparent Asynchronous I/O using Background Threads HPC I/O Synchronous

Enabling Transparent Asynchronous I/O using Background Threads HPC I/O Synchronous

Enabling Transparent Asynchronous I/O using Background Threads HPC I/O Synchronous Code executes in sequence. Computation is blocked by I/O, waste system resources. Asynchronous Code may execute out of order.

351 views • 22 slides
Application-Transparent Checkpoint/Restart for MPI Programs over InfiniBand Qi Gao, Weikuan Yu,

Application-Transparent Checkpoint/Restart for MPI Programs over InfiniBand Qi Gao, Weikuan Yu,

Application-Transparent Checkpoint/Restart for MPI Programs over InfiniBand Qi Gao, Weikuan Yu, Wei Huang, Dhabaleswar K. Panda Network-Based Computing Laboratory Department of Computer Science & Engineering The Ohio State University

635 views • 26 slides
Enabling Secure Web Payments with GNU Taler J. Burdges, F. Dold, C. Grothoff , M. Stanisci

Enabling Secure Web Payments with GNU Taler J. Burdges, F. Dold, C. Grothoff , M. Stanisci

Enabling Secure Web Payments with GNU Taler J. Burdges, F. Dold, C. Grothoff , M. Stanisci Institut National de Recherche en Informatique et en Automatique (Inria) The GNU Project Ashoka Fellow 17.12.2016 I think one of the big things that

715 views • 57 slides
Derivation Systems and Verisimilitude (An Application of Transparent Intensional Logic) Logika:

Derivation Systems and Verisimilitude (An Application of Transparent Intensional Logic) Logika:

Derivation Systems and Verisimilitude (An Application of Transparent Intensional Logic) Logika: systmov rmec rozvoje oboru v R a koncepce logickch propedeutik pro mezioborov studia (reg. . CZ.1.07/2.2.00/28.0216, OPVK) doc. PhDr.

402 views • 37 slides
A Light Introduction to Transparent Intensional Logic and its Application in Semantics Logika:

A Light Introduction to Transparent Intensional Logic and its Application in Semantics Logika:

A Light Introduction to Transparent Intensional Logic and its Application in Semantics Logika: systmov rmec rozvoje oboru v R a koncepce logickch propedeutik pro mezioborov studia (reg. . CZ.1.07/2.2.00/28.0216, OPVK) doc. PhDr.

1.05k views • 45 slides
Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin

Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin

Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin mz@innaxis.org Secure CO 2 allowance trading :: Introduction Secure CO 2 allowance trading :: Introduction Problem: Computing without trust

598 views • 25 slides
Prompt Application-Transparent Transaction Revalidation in Software Transactional Memory Simone

Prompt Application-Transparent Transaction Revalidation in Software Transactional Memory Simone

Prompt Application-Transparent Transaction Revalidation in Software Transactional Memory Simone Emiliano Pierangelo Alessandro Economo Silvestri Di Sanzo Pellegrini DIAG Sapienza University of Rome Francesco Quaglia DICII

609 views • 23 slides
Enabling Secure Ad-hoc Group Collaboration over Bluetooth Scatternets Somil Asthana (

Enabling Secure Ad-hoc Group Collaboration over Bluetooth Scatternets Somil Asthana (

Enabling Secure Ad-hoc Group Collaboration over Bluetooth Scatternets Somil Asthana ( asthana@cse.buffalo.edu ) Dimitris Kalfonos ( dimitris.kalofonos@nokia.com ) Outline Introduction Related Work Motivating User Scenario

302 views • 18 slides
ENABLING SSH PROTOCOL VISIBILITY IN FLOW MONITORING Wednesday 10 th April, 2019 Pavel ELEDA

ENABLING SSH PROTOCOL VISIBILITY IN FLOW MONITORING Wednesday 10 th April, 2019 Pavel ELEDA

ENABLING SSH PROTOCOL VISIBILITY IN FLOW MONITORING Wednesday 10 th April, 2019 Pavel ELEDA Petr VELAN, Benjamin KRL Ondej KOZK Introduction SSH Secure Shell provides secure connection over an unsecured network remote command-line

543 views • 18 slides
AA enabling a closed source legacy application Jan Du Caju ICT security officer K.U.Leuven

AA enabling a closed source legacy application Jan Du Caju ICT security officer K.U.Leuven

EuroCAMP 15nov2007 AA enabling a closed source legacy application Jan Du Caju ICT security officer K.U.Leuven Belgium Jan.DuCaju@icts.KULeuven.be EuroCAMP 15nov2007 AA enabling a closed source legacy application Introduction: context

426 views • 26 slides
NRCs Advanced Reactors Program Enabling the Safe and Secure Use of Nuclear Materials

NRCs Advanced Reactors Program Enabling the Safe and Secure Use of Nuclear Materials

NRCs Advanced Reactors Program Enabling the Safe and Secure Use of Nuclear Materials Commission Meeting April 24, 2018 Agenda NRCs Advanced Reactors Program Fred Brown Licensing Readiness and Potential Policy Issues

480 views • 25 slides
Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud

Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud

Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud Developer at SUSE cmurphy @_colleenm Overview Why we needed application credentials What are application credentials? (with demo!)

637 views • 25 slides
TOWARDS TRANSPARENT ZERO- KNOWLEDGE COMPUTATION - BASED ON 10 YEARS OF COMMERCIAL USE Kurt

TOWARDS TRANSPARENT ZERO- KNOWLEDGE COMPUTATION - BASED ON 10 YEARS OF COMMERCIAL USE Kurt

TOWARDS TRANSPARENT ZERO- KNOWLEDGE COMPUTATION - BASED ON 10 YEARS OF COMMERCIAL USE Kurt Nielsen (Co-founder and CEO Partisia) Transparency and scalability PROTOCOLS PLATFORMS Landmark paper Secure Multiparty Computation Goes Live

773 views • 21 slides
Snappy Ubuntu Core Enabling secure devices with app stores We are the company behind Ubuntu.

Snappy Ubuntu Core Enabling secure devices with app stores We are the company behind Ubuntu.

Snappy Ubuntu Core Enabling secure devices with app stores We are the company behind Ubuntu. Canonical and Ubuntu | Best of both worlds CANONICAL Ubuntu Commercial backing #1 Linux Desktop for the #1 general purpose Linux OS: #1 Cloud OS

1.41k views • 26 slides
OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec14) 19

OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec14) 19

OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec14) 19 October 2014 Sandra Scott-Hayward, Christopher Kane and Sakir Sezer s.scott-hayward@qub.ac.uk Centre for Secure Information Technologies (CSIT)

359 views • 20 slides
GEF 5

GEF 5

GEF 5 Funds System for Transparent Allocation of Resources (STAR) Enabling Activities GEF 5 Star Focal Area Allocations Biodiversity (1.2bb)

386 views • 11 slides
CRA Cyber-Security Collaborative Research Alliance: MACRO: Models for Enabling Continuous

CRA Cyber-Security Collaborative Research Alliance: MACRO: Models for Enabling Continuous

CRA Cyber-Security Collaborative Research Alliance: MACRO: Models for Enabling Continuous Reconfigurability of Secure Missions Prof. Patrick McDaniel Initial Feedback Meeting ARL - Adelphi, MD October 15th, 2013 CRA: Models for Enabling

435 views • 7 slides
Transparent Assessment Providing transparent goals and expectations for students Jonathon Adams

Transparent Assessment Providing transparent goals and expectations for students Jonathon Adams

Transparent Assessment Providing transparent goals and expectations for students Jonathon Adams Shinshu University Thursday, 9 August 12 Outline Aims of the presentation An approach to transparent goals and expectations Example

576 views • 46 slides
ERSAT - EAV ERTMS on SATELLITE Enabling Application Validation Alessandro Neri 1 , Gianluigi

ERSAT - EAV ERTMS on SATELLITE Enabling Application Validation Alessandro Neri 1 , Gianluigi

Pacific PNT May 2-4, 2017 Honolulu, Hawaii ERSAT - EAV ERTMS on SATELLITE Enabling Application Validation Alessandro Neri 1 , Gianluigi Fontana 2 , Salvatore Sabina 2 , Francesco Rispoli 2 , Roberto Capua 3 , Giorgia Olivieri 3 , Fabio

523 views • 23 slides
Secure application development with AOP Nils Durner <ndurner@web.de> 1 Outline of the

Secure application development with AOP Nils Durner <ndurner@web.de> 1 Outline of the

Secure application development with AOP Nils Durner <ndurner@web.de> 1 Outline of the talk Introduction to Aspect Oriented Programming Examples for uses of AOP for security AOP & Memory safety Future work 2 What is

870 views • 59 slides
Flood application on gLite Ladislav Hluchy, Viet D. Tran Institute of Informatics, SAS Slovakia

Flood application on gLite Ladislav Hluchy, Viet D. Tran Institute of Informatics, SAS Slovakia

Enabling Grids for E-sciencE Flood application on gLite Ladislav Hluchy, Viet D. Tran Institute of Informatics, SAS Slovakia www.eu-egee.org INFSO-RI-508833 History of Flood application Enabling Grids for E-sciencE Flood application is

501 views • 22 slides
EU Grid Research and the European Research Area Enabling application technologies Wolfgang

EU Grid Research and the European Research Area Enabling application technologies Wolfgang

EU Grid Research and the European Research Area Enabling application technologies Wolfgang Boch Architecture, Head of Unit Design and DG Information Society Development Unit F2 - Grids for Complex of the next Problem solving

303 views • 27 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
The Application of GIS is Growing : We are beginning to spatially enabling all business functions

The Application of GIS is Growing : We are beginning to spatially enabling all business functions

Cummens The Application of GIS is Growing : We are beginning to spatially enabling all business functions Page: 1 Cummens GIS Is Particularly Valuable For Managing Complex Events Problem Solving Page: 2 Cummens GIS Implementations Follow

703 views • 28 slides

More recommend