Voodoo: Memory Tagging, Authenticated Encryption, and Error Correction through MAGIC

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

Confidentiality, authenticity, integrity of data, and runtime security are ubiquitous concerns in modern computer systems. However, these security concerns have traditionally been addressed by separate mechanisms. Error-correcting codes (ECC) detect and correct DRAM errors, ensuring the integrity of stored data. Authenticated memory encryption provides data confidentiality and authenticity. Memory tagging enforces memory safety, thereby improving runtime security. The lack of a combined primitive increases system complexity, memory overheads, and the overall performance impact. In this work, we present Voodoo, the first combined scheme for authenticated encryption, DRAM error correction, and memory tagging. Our design extends the MAGIC mode for authenticated encryption and error correction proposed by Kounavis et al.. With Voodoo, DRAM data is encrypted, and a tag-dependent message authentication code protects the integrity of the stored data while simultaneously allowing for the correction of DRAM faults. Thus, we can implement a wide range of tagged memory architectures without introducing additional memory requests or storage overheads. We present three tag encoding schemes providing up to 36 tag bits per cache line. Using the gem5 simulator, we implement and benchmark our design. Our evaluation shows a low runtime overhead of 1.4% on average compared to a system without any of the provided security features. We use a Monte-Carlo simulation of a DRAM fault model based on real-world DRAM fault behavior to demonstrate the corrective capabilities of Voodoo. Our results show that we consistently outperform traditional single-error correction, double-error detection (SEC-DED) codes in terms of error correction and detection. For multi-chip faults, Voodoo offers stronger error detection than commodity Chipkill solutions.
Originalspracheenglisch
TitelProceedings of the 33rd USENIX Conference on Security Symposium
Herausgeber (Verlag)USENIX Association
Seiten7159 - 7176
Seitenumfang18
ISBN (elektronisch)978-1-939133-44-1
DOIs
PublikationsstatusVeröffentlicht - 6 Jan. 2025
Veranstaltung33rd USENIX Security Symposium: USENIX Security 2024 - Philadelphia Marriott Downtown, Philadelphia, USA / Vereinigte Staaten
Dauer: 14 Aug. 202416 Aug. 2024
https://www.usenix.org/conference/usenixsecurity24

Konferenz

Konferenz33rd USENIX Security Symposium: USENIX Security 2024
KurztitelUSENIX
Land/GebietUSA / Vereinigte Staaten
OrtPhiladelphia
Zeitraum14/08/2416/08/24
Internetadresse

Fingerprint

Untersuchen Sie die Forschungsthemen von „Voodoo: Memory Tagging, Authenticated Encryption, and Error Correction through MAGIC“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren