MERR: Improving Security of Persistent Memory Objects via Efficient Memory Exposure Reduction and Randomization

Session: Enclaves and memory security--Who will guard the guards?

Authors: Yuanchao Xu (North Carolina State University); Yan Solihin (University of Central Florida); Xipeng Shen (North Carolina State University)

This paper proposes a new memory defense technique that is especially useful for long-lived objects in Non-Volatile Memory (NVM), also called Persistent Memory Objects (PMOs). The method takes a distinctive perspective: it reduces memory exposure time by greatly shortening the overhead of attaching PMOs to and detaching them from the memory space. It does so through a novel idea, embedding page table subtrees inside PMOs. The paper discusses the complexities the technique introduces for permission control and hardware implementation, and provides solutions. Experimental results show that the new technique reduces memory exposure time by 60% with a 5% time overhead (70% with 10.9% overhead). It also allows much more frequent address randomization (shortening the period from seconds to less than 41.4 µs), offering significant potential for enhancing memory security.