Abstract
Confidentiality, authenticity, integrity of data, and runtime security are ubiquitous concerns in modern computer systems. However, these security concerns have traditionally been addressed by separate mechanisms. Error-correcting codes (ECC) detect and correct DRAM errors, ensuring the integrity of stored data. Authenticated memory encryption provides data confidentiality and authenticity. Memory tagging enforces memory safety, thereby improving runtime security. The lack of a combined primitive increases system complexity, memory overheads, and the overall performance impact. In this work, we present Voodoo, the first combined scheme for authenticated encryption, DRAM error correction, and memory tagging. Our design extends the MAGIC mode for authenticated encryption and error correction proposed by Kounavis et al. With Voodoo, DRAM data is encrypted, and a tag-dependent message authentication code protects the integrity of the stored data while simultaneously allowing for the correction of DRAM faults. Thus, we can implement a wide range of tagged memory architectures without introducing additional memory requests or storage overheads. We present three tag encoding schemes providing up to 36 tag bits per cache line. Using the gem5 simulator, we implement and benchmark our design. Our evaluation shows a low runtime overhead of 1.4% on average compared to a system without any of the provided security features. We use a Monte-Carlo simulation of a DRAM fault model based on real-world DRAM fault behavior to demonstrate the corrective capabilities of Voodoo. Our results show that we consistently outperform traditional single-error correction, double-error detection (SEC-DED) codes in terms of error correction and detection. For multi-chip faults, Voodoo offers stronger error detection than commodity Chipkill solutions.
Original language | English |
---|---|
Title | Proceedings of the 33rd USENIX Conference on Security Symposium |
Publisher | USENIX Association |
Pages | 7159 - 7176 |
Number of pages | 18 |
ISBN (electronic) | 978-1-939133-44-1 |
DOIs | |
Publication status | Published - 6 Jan. 2025 |
Event | 33rd USENIX Security Symposium: USENIX Security 2024 - Philadelphia Marriott Downtown, Philadelphia, USA / United States. Duration: 14 Aug. 2024 → 16 Aug. 2024. https://www.usenix.org/conference/usenixsecurity24 |
Conference
Conference | 33rd USENIX Security Symposium: USENIX Security 2024 |
---|---|
Short title | USENIX |
Country/Territory | USA / United States |
City | Philadelphia |
Period | 14/08/24 → 16/08/24 |
Internet address |
AWARE - Hardware-Ensured Software Security
Mangard, S. (Participant (Co-Investigator))
1/05/22 → 30/04/25
Project: Research project
-
SEIZE - Secure Edge Devices for Industrial Zero-Trust Environments
Mangard, S. (Participant (Co-Investigator))
1/01/22 → 31/12/24
Project: Research project
Activities
- 1 Talk at conference or symposium
-
Voodoo: Memory Tagging, Authenticated Encryption, and Error Correction through MAGIC
Lamster, L. A. (Speaker)
16 Aug. 2024
Activity: Talk or presentation › Talk at conference or symposium › Science to science