GIT-CERCS-09-17
    Nak Hee Seong, Dong Hyuk Woo, Hsien-Hsin S. Lee,
    Security Refresh: Prevent Malicious Wear-out and Increase Durability for Phase-Change Memory with Dynamically Randomized Address Mapping

    Phase-change Random Access Memory (PRAM) is an emerging memory technology for future computing systems. It is nonvolatile and has a faster read latency and potentially higher storage density than other memory alternatives. Recently, system researchers have studied the trade-off of using PRAM to back up a DRAM cache as a last level memory or to implement it in a hybrid memory architecture. The main roadblock preventing PRAM from commercially viable, however, is its much lower write endurance. Several recent proposals attempted to address this issue by either reducing PRAM's write frequency or using wear-leveling techniques to evenly distribute PRAM writes. Although the lifetime of PRAM could be extended by these techniques under normal operations of typical applications, most of them do not prevent a malicious code deliberately designed to wear it out. Furthermore, all of these prior techniques failed to consider the circumstances when a compromised OS is present and its secur ity implication to the overall PRAM design. A compromised OS, (e.g., via simple buffer overflow) will allow adversaries to manipulate all processes and exploit side channels easily, accelerating the wear-out of targeted PRAM blocks and rendering a dysfunctional system.

    In this paper, we argue that a PRAM design not only has to consider normal wear-out under conventional application behavior, most importantly, it must take the worst-case scenario into account with the presence of malicious exploits and a compromised OS. Such design consideration will address both the durability and security issues of PRAM simultaneously. Toward this goal, in this work, we propose a novel, low-cost hardware mechanism called Security Refresh. Similar to the concept of protecting charge leak from DRAM, Security Refresh prevents information leak by constantly migrating its physical location (thus refresh) inside PRAM, obfuscating the actual data placement from users and system software. It uses a dynamic randomized address mapping scheme, which swaps data between random PRAM blocks using random keys generated by thermal noise upon each refresh due. The hardware is extremely low-cost without using any table. We presented two implementation alternatives and showed their tradeoff and respective wear-out endurance. For a given con_guration, we show that the optimal lifetime of a PRAM block (256B) is 8 years. In addition, we showed the performance impact of Security Refresh is mostly negligible.