You are currently viewing SemiWiki as a guest which gives you limited access to the site. To view blog comments and experience other SemiWiki features you must be a registered member. Registration is fast, simple, and absolutely free so please, join our community today!
Due to their high density and near-zero leakage power consumption, non-volatile memories (NVMs) are promising candidates for designing future memory systems. However, compared to conventional memories, NVMs also face more-severe security threats, e.g., the limited write endurance of NVMs makes them vulnerable to write-attacks. Also, the non-volatility of NVMs allows the data to persist even after power-off, which can be accessed by a malicious agent. Further, encryption endangers NVM lifetime and performance by reducing the efficacy of redundant-write avoidance techniques.
The attached paper presents a survey of techniques for improving security of NVM-based memories by addressing the aforementioned challenges. This paper is expected to be useful for researchers and practitioners in the area of memory and hardware/system security.
It reviews 40+ papers and has been accepted in Journal of Hardware and Systems Security 2018.
It is an interesting coverage of the potential vulnerabilities of NVMs to attacks. I think the defense can be both in hardware and software. For hardware, the obvious choice is a DRAM cache, which has no endurance issues and no remanence or retention which could pose security risk. For software, obviously analysis of high-volume overwrite data patterns can be targeted.
I think encryption is inevitable and am not sure your suggestions for small blocks are in general feasible, they increase the overheads of managing the media which can add to latency and reduce capacity. If the media does not have enough endurance to be care free (generally, 10M rewrites or better, assuming wear levelling, then the cache has to be quite well planned and reasonably large. Detecting attacks is also good: this should be a widespread plan not just here but other places like CPUs. You can't anticipate every way Specter-style abandoned branching could be weaponized, but you could count how frequently exceptions would be happening under abandoned paths and detect the whole approach before it can gather useful information.
PCM is used as a reference NVM, yet not so much detail in the relevant reliability aspects of PCM, in particularly the endurance. It seems that NAND could be a more useful reference, as it is being used in the majority of SSDs and endurance is definitely limited.
MRAM can be fabricated to have a very low retention time (several minutes or even seconds) during which the "bit" will flip. Not only is the data lost but some speculate that the random bit flipping in MRAM cells can be used for the physically unclonable function, another important application in cryptography.
