![\"purely](\"https:\/\/ece.ncsu.edu\/wp-content\/uploads\/2022\/04\/awad-nvm-2022-header-1024x576.jpg\")
<\/p>\n<\/p>\n
Researchers have developed a technique that leverages hardware and software to improve file system security for next-generation memory technologies called non-volatile memories (NVMs). The new encryption technique also permits faster performance than existing software security technologies.<\/p>\n
\u201cNVMs are an emerging technology that allows rapid access to the data, and retains data even when a system crashes or loses power,\u201d says Amro Awad, senior author of a paper on the work and an assistant professor of electrical and computer engineering at North Carolina State University. \u201cHowever, the features that give NVMs these attractive characteristics also make it difficult to encrypt files on NVM devices \u2013 which raises security concerns. We\u2019ve developed a way to secure files on NVM devices without sacrificing the speed that makes NVMs attractive.\u201d<\/p>\n
\u201cOur technique allows for file-level encryption in fast NVM memories, while cutting the related execution time significantly,\u201d says Kazi Abu Zubair, first author of the paper and a Ph.D. student at NC State.<\/p>\n
Traditionally, computers use two types of data storage. Dynamic random access memory (DRAM) allows quick access to stored data, but will lose that data if the system crashes. Long-term storage technologies, such as hard drives, are good at retaining data even if a system loses power \u2013 but store the data in a way that makes it slower to access.<\/p>\n
NVMs combine the best features of both technologies. However, securing files on NVM devices can be challenging.<\/p>\n
Existing methods for file system encryption use software, which is not particularly fast. Historically, this wasn\u2019t a problem because the technologies for accessing file data from long-term storage devices weren\u2019t particularly fast either.<\/p>\n
\u201cBut now that NVMs are allowing faster access to file data, the software approach to file encryption has become a problem, because it slows down overall operations,\u201d Abu Zubair says.<\/p>\n
\u201cTo address this challenge, we\u2019ve developed a novel architecture that incorporates some elements of the encryption and decryption process into hardware, which is faster than software. As a result, processes that allow users to store and retrieve file data securely are significantly faster.\u201d<\/p>\n
In simulations, the researchers found that using their novel encryption architecture to secure files in NVMs slowed down operations by 3.8%, when running workloads that were representative of real-world applications. When using software approaches to provide security for the same workloads, operations slowed by about 200%.<\/p>\n
\u201cIf this was implemented in commercial processors, it would significantly improve performance for secure file operation in large data centers and cloud systems,\u201d Abu Zubair says.<\/p>\n
\u201cWhile this work addresses file encryption, we think it is important to assess other security functions \u2013 such as auditing and run-time ransomware detection \u2013in the context of direct access file systems,\u201d says Awad. \u201cAnd addressing those security functions using traditional software approaches can also slow system performance. We\u2019re optimistic that our hybrid hardware\/software approach may be able to improve performance for those functions as well \u2013 that\u2019s an area we\u2019re exploring.\u201d<\/p>\n
The paper, \u201cFilesystem Encryption or Direct-Access for NVM Filesystems? Let\u2019s Have Both!,\u201d will be presented April 5 at the 28th IEEE International Symposium on High-Performance Computer Architecture (HPCA-22). The paper was co-authored by David Mohaisen of the University of Central Florida.<\/p>\n
The work was done with support from the National Science Foundation under grant 1814417.<\/p>\n
-shipman-<\/p>\n
Note to Editors:<\/strong> The study abstract follows.<\/p>\n \u201cFilesystem Encryption or Direct-Access for NVM Filesystems? Let\u2019s Have Both!\u201d<\/strong><\/p>\n Authors<\/em>: Kazi Abu Zubair and Amro Awad, North Carolina State University; David Mohaisen, University of Central Florida<\/p>\n Presented<\/em>: April 5, 2022, The 28th IEEE International Symposium on High-Performance Computer Architecture (HPCA-22)<\/p>\n Abstract:<\/strong> Emerging Non-Volatile Memories (NVMs) are promising candidates to build ultra-low idle power memory and storage devices in future computing systems. Unlike DRAM, NVMs do not require frequent refresh operations, and they can retain data after crashes and power loss. With such features, NVM memory modules can be used partly as conventional memory to host memory pages and partly as file storage to host filesystems and persistent data. Most importantly, and unlike current storage technologies, NVMs can be directly attached to the memory bus and accessed through conventional load\/store operations. As NVMs feature ultra-low access latency, it is necessary to minimize software overheads for accessing files to enable the full potential. In legacy storage devices, e.g., Flash and Hard-disk drives, access latency dominates the software overheads. However, emerging NVMs\u2019 performance can be burdened by the software overheads since memory access latency is minimal. Modern Operating Systems (OSes) allow direct-access (DAX) for NVM-hosted files through direct load\/store operations by eliminating intermediate software layers. Unfortunately, we observe that such a direction ignores filesystem encryption and renders most of the current filesystem encryption implementations inapplicable to future NVM systems. In this paper, we propose a novel hardware\/software co-design architecture that enables transparent filesystem encryption without sacrificing the direct-access feature of files in emerging NVMs with minimal change in OS and memory controller. Our proposed model incurs a negligible overall slowdown of 3.8% for workloads representative of real-world applications, while software-based encryption can incur as high as 5x slowdown for some applications.<\/p>\n