SIGMOD-2024-Object-oriented Unified Encrypted Memory Management for Heterogeneous Memory Architectures_阿里云.pdf
免费下载
Object-oriented Unified Encrypted Memory Management for
Heterogeneous Memory Architectures
MO SHA
∗
, Alibaba Cloud, Singapore
YIFAN CAI
∗†
, University of Pennsylvania, USA
SHENG WANG, Alibaba Cloud, Singapore
LINH THI XUAN PHAN, University of Pennsylvania, USA
FEIFEI LI, Alibaba Cloud, China
KIAN-LEE TAN, National University of Singapore, Singapore
In contemporary database applications, the demand for memory resources is intensively high. To enhance
adaptability to varying resource needs and improve cost eciency, the integration of diverse storage tech-
nologies within heterogeneous memory architectures emerges as a promising solution. Despite the potential
advantages, there exists a signicant gap in research related to the security of data within these complex
systems. This paper endeavors to ll this void by exploring the intricacies and challenges of ensuring data
security in object-oriented heterogeneous memory systems. We introduce the concept of Unied Encrypted
Memory (UEM) management, a novel approach that provides unied object references essential for data man-
agement platforms, while simultaneously concealing the complexities of physical scheduling from developers.
At the heart of UEM lies the seamless and ecient integration of data encryption techniques, which are
designed to ensure data integrity and guarantee the freshness of data upon access. Our research meticulously
examines the security deciencies present in existing heterogeneous memory system designs. By advancing
centralized security enforcement strategies, we aim to achieve ecient object-centric data protection. Through
extensive evaluations conducted across a variety of memory congurations and tasks, our ndings highlight
the eectiveness of UEM. The security features of UEM introduce low and acceptable overheads, and UEM
outperforms conventional security measures in terms of speed and space eciency.
CCS Concepts: • Security and privacy
→
Distributed systems security; • Information systems
→
Main
memory engines; • Hardware → Emerging architectures ; External storage.
Additional Key Words and Phrases: Memory Security; Unied Memory Management; Heterogeneous Memory
Architecture; Data Condentiality; Data Integrity
ACM Reference Format:
Mo Sha, Yifan Cai, Sheng Wang, Linh Thi Xuan Phan, Feifei Li, and Kian-Lee Tan. 2024. Object-oriented
Unied Encrypted Memory Management for Heterogeneous Memory Architectures. Proc. ACM Manag. Data
2, 3 (SIGMOD), Article 155 (June 2024), 29 pages. https://doi.org/10.1145/3654958
∗
Both authors contributed equally to the paper.
†
Yifan’s work was partially done during an internship at Alibaba Cloud.
Authors’ Contact Information: Mo Sha, Alibaba Cloud, Singapore, shamo.sm@alibaba-inc.com; Yifan Cai, University of
Pennsylvania, USA, caiyifan@seas.upenn.edu; Sheng Wang, Alibaba Cloud, Singapore, sh.wang@alibaba-inc.com; Linh Thi
Xuan Phan, University of Pennsylvania, USA, linhphan@cis.upenn.edu; Feifei Li, Alibaba Cloud, China, lifeifei@alibaba-
inc.com; Kian-Lee Tan, National University of Singapore, Singapore, tankl@comp.nus.edu.sg.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee
provided that copies are not made or distributed for prot or commercial advantage and that copies bear this notice and the
full citation on the rst page. Copyrights for components of this work owned by others than the author(s) must be honored.
Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires
prior specic permission and/or a fee. Request permissions from permissions@acm.org.
© 2024 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ACM 2836-6573/2024/6-ART155
https://doi.org/10.1145/3654958
Proc. ACM Manag. Data, Vol. 2, No. 3 (SIGMOD), Article 155. Publication date: June 2024.
155:2 Mo Sha et al.
1 INTRODUCTION
As the volume of data continues to grow, it is no longer cost-eective for data management
systems to support memory-intensive workloads eciently. Instead, in recent years, a wide range
of heterogeneous memory architectures, designed to suit specic scenarios and optimization goals,
have been introduced and widely integrated into the development of data management systems [
26
,
52
,
75
,
78
,
92
]. Such systems integrate a variety of storage modalities to form a large-scale memory
system to support memory access operations during program execution in a transparent manner.
They are manifested in a variety of ways, e.g., remote memory [
2
,
5
,
19
,
31
,
32
], disaggregated
memory [
30
,
35
,
51
,
58
,
87
], and non-volatile memory [
46
], with each specic approach oering its
own unique advantages. In general, these systems aim to address the balance between performance
and cost that arises from the distinct physical characteristics of various storage tiers. Moreover,
heterogeneous memory systems enhance exibility in resource allocation, optimize utilization, and
consequently, mitigate costs.
Shared Memory Pool
User Other Malicious Tenants
Read
Secrets
Tampering
Remote Server
Network
Network Attacker
Corrupt Admin
Sensitive
Data
Fig. 1. An example of shared memory pool expanding aack surface in heterogeneous memory architectures.
While there has been extensive research on empowering heterogeneous memory architectures
for data processing [
50
,
53
,
107
,
110
], the focus has largely been on performance, applicability, fault
tolerance, and availability. Surprisingly, to our knowledge, there is no reported work that looks at
safeguarding the data. In particular, these novel memory architectures introduce additional chal-
lenges in safeguarding data. For instance, consider a shared memory pool built on networks [
56
], as
depicted in Fig. 1. Data reliability is inherently lower than in traditional schemes due to the presence
of networks and remote servers, which are physically more challenging to control. Attackers or
even corrupt administrators of these facilities can pose a greater threat than before, thus expanding
the attack surface. Moreover, with dynamic resource allocation typical in heterogeneous memory
systems, e.g., clouds or other shared hardware scenarios, multi-tenancy [
96
] exacerbates threat
complexity and diversies attack vectors. Malicious tenants might exploit vulnerabilities [
38
] and
breach isolation to access or tamper with others’ data. We seek to bridge such a gap in this paper.
Motivation. Prior research studies on traditional memory security fall short in eectively address-
ing the challenges associated with developing a data management platform based on heterogeneous
memory architectures. This situation demands a more precise delineation of the domain-specic
characteristics of these challenges, thereby emphasizing a robust and clear motivation for investi-
gating innovative and eective technical solutions.
First, in heterogeneous memory architectures, consideration of asymmetric security is imperative
due to signicant variations in security attributes (e.g., exclusive vs. shared), safeguards (e.g., local
vs. remote), or the intrinsic properties (e.g., volatile vs. non-volatile) of dierent memory tiers.
This results in the emergence of intricate and unique attack vectors, which are unlike the security
challenges in homogeneous memory environments that generally operate on consistent, uniform
assumptions about benign hypotheses or the capabilities of adversaries. In contrast, the asymmetric
nature of heterogeneous architectures implies that the overall security is only as strong as its weakest
Proc. ACM Manag. Data, Vol. 2, No. 3 (SIGMOD), Article 155. Publication date: June 2024.
Object-oriented Unified Encrypted Memory Management for Heterogeneous Memory Architectures 155:3
tier—a compromise in a single tier could jeopardize the robustness of the entire system. Therefore,
it is essential to have a deep understanding and eective incorporation of this characteristic to
enhance data security during interactions among tiers with disparate levels of security strength.
Second, eectively deploying proactive security solutions is challenging, especially in the context
of methodologies based on specic benign conditions. This is because the subordinate memory
tier within a heterogeneous memory framework often lacks the capacity to maintain any security
assumptions. It is dicult to both reliably ascertain its activation and discern when a failure
occurs. Thus, in these cases, it becomes imperative to consider the most pessimistic hypothesis:
the application operates on a heterogeneous memory tier that is entirely compromised. Under
such conditions, adversaries may have unrestrained and silent access to read or alter the managed
memory data within this layer. This situation necessitates the implementation of robust passive
security strategies, including encryption and verication mechanisms, to safeguard the applications’
memory, even in such critical scenarios.
Third, most of the existing memory security mechanisms are ecient only with page-based
memory management. While these coarse-grained page-swapping methods [
5
,
35
] simplify memory
allocation and replacement complexities compared to ne-grained management [
24
,
25
,
71
,
81
],
they have signicant drawbacks for applications with memory access patterns that lack locality
or exhibit global randomness. These drawbacks include notable latency uctuations and I/O am-
plication [
1
,
17
] upon page misses. Given that the interconnection bandwidth between memory
hierarchies is often the bottleneck in memory-intensive applications [
15
], this can substantially
impact performance. In these scenarios, ne-grained object-based schemes can be a complementary
choice, oering superior performance [
68
,
81
,
89
], especially for a signicant portion of typical data
management tasks, such as table joins [
11
], key-value queries [
89
], and graph processing [
100
,
108
].
However, achieving robust passive measures for pessimistic scenarios on ne-grained objects is
not straightforward. This is because most data security techniques operate on larger data blocks to
eciently amortize the incurred overhead [
37
]. For example, to ensure the three primary properties
of data security—condentiality, integrity, and freshness—at least three types of metadata are
required with traditional approaches: nonces, digests, and timestamps. Further, the corresponding
algorithms involve initial computation costs unrelated to data block sizes. For xed and suciently
large pages, this may be acceptable. However, if such metadata is at the object level, e.g., a few
bytes in length, the extra space overhead would be several times the eective data payload, clearly
contradicting the primary goal of heterogeneous memory systems—spatial eciency.
Our proposal. In this paper, we delve into object-oriented heterogeneous memory architectures,
initiating the exploration of their data security challenges. We propose the object-oriented Unied
Encrypted Memory (UEM) management for heterogeneous memory architectures. Specically,
UEM is developed in C++ and exposes unied object references, allowing developers to eortlessly
build data management platforms upon heterogeneous memory architectures. They can focus
on data operational logic without becoming entangled in the nuances of memory management.
Interactions between UEM and specic memory devices occur via a unied interface, ensuring that
UEM is not tied to any specic hardware, exhibiting impressive scalability. As for data security,
when objects are written back to the heterogeneous memory tiers through unied references,
their data is encrypted. Similarly, during reads, UEM checks for data integrity and freshness at
dereference, returning the decrypted original content. This entire security enforcement process
remains transparent to developers. Central to our proposal is the way in which UEM provides
cost-eective data security measures rooted in its design philosophy. Instead of viewing objects in
isolation and managing security metadata independently, UEM employs centralized data structures.
Proc. ACM Manag. Data, Vol. 2, No. 3 (SIGMOD), Article 155. Publication date: June 2024.
of 29
免费下载
【版权声明】本文为墨天轮用户原创内容,转载时必须标注文档的来源(墨天轮),文档链接,文档作者等基本信息,否则作者和墨天轮有权追究责任。如果您发现墨天轮中有涉嫌抄袭或者侵权的内容,欢迎发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
相关文档
评论