Supporting Trusted Virtual Machines with Hardware-Based Secure Remote Memory
Although recent studies have been improving the performance of RDMA-based memory disaggregation systems, their security aspect has not been thoroughly investigated. For secure disaggregated memory, the memory-providing node must protect its memory from memory-requesting nodes, and the memory-requesting node requires the confidentiality and integrity protection of its memory contents in the remote node, even when the privileged software is compromised. To provide protection of remote memory, this study proposes a hardware-assisted memory disaggregation system. The proposed trusted disaggregated memory combines the current trusted hardware-based virtual machine (VM) and a new dedicated hardware engine for trusted memory disaggregation. The processor with supports for trusted VM protects the context of a user VM within the local system, while the proposed hardware engine provides an efficient isolation and protection of remote memory pages, guaranteeing the confidentiality and integrity of remote memory pages. In the secure memory disaggregation system, fast address translation and access validation are supported with the cooperation of the hardware engine and guest OS in a trusted virtual machine. In addition, the proposed system hides the memory access patterns observable from remote nodes, supporting obliviousness. Our evaluation with an FPGA-based prototype implementation shows that such fine-grained secure disaggregated memory is feasible with comparable performance to the latest software-based technique without security support.
Tue 25 JunDisplayed time zone: Windhoek change
11:40 - 12:20 | ISMM: Session 2 - Hardware for Memory ManagementISMM 2024 at Iceland Chair(s): Sara S. Hamouda Google | ||
11:40 20mTalk | Supporting Trusted Virtual Machines with Hardware-Based Secure Remote Memory ISMM 2024 Taekyung Heo NVIDIA, Seunghyo Kang KAIST, Sanghyeon Lee KAIST, Soojin Hwang KAIST, Joongun Park Georgia Tech, Jaehyuk Huh KAIST DOI | ||
12:00 20mTalk | A Managed Memory System for Micro Controllers with NOR Flash Memory ISMM 2024 Akira Inoue University of Tokyo, Tomoharu Ugawa University of Tokyo, Shigeru Chiba University of Tokyo DOI |