ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2020, Vol. 57 ›› Issue (5): 912-927.doi: 10.7544/issn1000-1239.2020.20190820

• 综述 • 上一篇    下一篇

安全持久性内存存储研究综述

杨帆,李飞,舒继武   

  1. (清华大学计算机科学与技术系 北京 100084) (yangf17@mails.tsinghua.edu.cn)
  • 出版日期: 2020-05-01
  • 基金资助: 
    国家重点研发计划项目(2018YFB1003301);国家自然科学基金重点项目(61832011);广东省科技创新战略专项项目(2018B010109002)

Survey on Secure Persistent Memory Storage

Yang Fan, Li Fei, Shu Jiwu   

  1. (Department of Computer Science and Technology, Tsinghua University, Beijing 100084)
  • Online: 2020-05-01
  • Supported by: 
    This work was supported by the National Key Research and Development Program of China (2018YFB1003301), the Key Program of the National Natural Science Foundation of China (61832011), and the Science and Technology Innovation Strategy Special Project of Guangdong Province (2018B010109002).

摘要: 在计算机技术和互联网技术飞速发展的进程中,计算机安全防护和数据机密性保护一直是学术界和工业界关注的焦点.主流的内存安全机制通过提供硬件辅助的机密性与完整性验证,确保选定的代码在运行时的内存可信,达到数据保护、防止泄漏和遭篡改的目的.新型持久性内存可像DRAM一样放置在内存总线上,通过处理器load和store指令进行访问,此外,持久性内存能够提供大容量和数据持久性支持,具有高带宽和低延迟的数据访问特性.然而,由于介质特性上的差异,面向DRAM的内存安全机制无法在持久性内存上高效运行,甚至存在可用性问题.因此,构建基于持久性内存的安全内存存储系统将为大数据的安全高效存储带来新的机遇.首先,针对持久性内存的写特性,分析了将面向传统易失内存的安全防护措施应用于持久性内存会引起额外开销的原因,并介绍相关降低开销的研究工作.其次,针对持久性内存的非易失性,分析了为保障持久性内存在其生命周期内的安全性所面临的问题与挑战,并介绍了数据及其安全元数据的一致性管理相关研究工作.最后,总结了构建面向持久性内存的安全存储系统面临的挑战,对相关工作进行综合比较,并提出下一步研究展望.

关键词: 持久性内存, 内存安全, 加密, 完整性验证, 灾后一致性

Abstract: With the rapid development of computer technology, computer security and data privacy protection have always been the focus of academic and industrial. By providing hardware-assisted confidentiality and integrity verification, memory security mechanism helps guarantee the security of application code and data, and prevent them from malicious memory disclosure and modification. The emerging persistent memory delivers a unique combination of affordable large capacity and support for data persistence and provides high-bandwidth and low-latency data access. It can be placed on the memory bus like DRAM and will be accessed via processor loads and stores. However, due to differences in media characteristics, DRAM-oriented memory security mechanisms cannot function efficiently on persistent memory and even have availability issues. Therefore, a secure memory storage system based on persistent memory will bring new opportunities for the secure and efficient memory storage of big data. Firstly, for the write characteristics of persistent memory, the reasons for low-efficiency in applying the security measure against traditional volatile memory to persistent memory are analyzed, and related work is expounded. Secondly, for persistent memory storage, we analyze the problems that need to be considered to ensure the security of persistent memory in its whole life cycle, and introduce research work on guaranteeing the consistency between data and corresponding metadata for security. Finally, we conclude the challenges and compare the related work in building secure memory storage based on persistent memory, and share our views on future research.

Key words: persistent memory, memory security, data encryption, integrity verification, crash consistency

中图分类号: