Performance-Enhanced Integrity Verification for Large Memories

Modern memory systems on cloud servers are vulnerable to many security threats including memory integrity attacks. To protect user data, secure infrastructures like Intel SGX have deployed cryptographic memory protection mechanisms such as MAC+integrity tree. However, using an integrity tree can significantly increase the latency of memory data accesses and thus decrease performance. Although there are many tree optimizations that have obtained performance improvements, the overhead of using an integrity tree remains high. This overhead has become even worse with the recent increase of cloud memory size, making integrity protection impractical on cloud servers.We argue that most prior optimization works do not consider the architecture features of cloud server processors and thus miss the opportunity for further performance improvement. Based on this, we propose Parallelized-Compressed-Prefetched-Tree (PCPT), a tree optimization design tailored for cloud servers. PCPT consists of three methods including 1) parallelizing the memory accesses along a tree path to shorten the critical path, 2) compressing data cache lines and storing counters together with the data to reduce meta data accesses, and 3) prefetching in a tree-aware manner. We evaluate PCPT using 25 benchmarks drawn from 3 suites, and we show that PCPT improves the performance of the state-of-the-art by over 35%.