Abstract:
Non-volatile memory (NVM) is an emerging candidate for the next generation of main memory. Building persistent memory systems with NVM faces two challenges: ensuring data security and optimizing write operations. Recent studies have proposed encryption and integrity verification techniques to protect in-memory data, and selective reencryption techniques to reduce write overhead. These techniques introduce various metadata that are stored in persistent memory. However, existing metadata management mechanisms consider only part of the metadata, which still causes significant metadata access overhead. To address the problem, we propose COTANA, a coordinated metadata management method for secure persistent memory. COTANA places the encryption and the selective reencryption metadata in the same metadata blocks, so that fetching the metadata for encryption/decryption needs only one read. COTANA builds an integrity tree on these metadata blocks, and places the message authentication codes (MACs) in an ECC chip to avoid extra access latency. Moreover, we observe that the bytes within a block have different modification frequencies for real-world workloads. Therefore, for selective reencryption, COTANA adopts a dynamic data partition scheme that dynamically chooses the partition method with the lowest bit flips. The methods include an existing successive partition method and a gathered partition method that is designed based on the modification frequencies. The evaluation results show that COTANA improves performance by up to 13.7% and decreases bit flips by up to 21.3% compared with the state-of-the-art designs.