A Software-based Secure Disaggregated Memory System on Commodity Servers

Yewon Yong, Taehoon Kim, Sungho Lee, Changdae Kim

http://doi.org/10.5626/JOK.2024.51.9.757

A disaggregated memory system is a technology that consolidates memory from multiple servers. While this technique provides large amounts of memory for applications, it also poses serious security threats due to sensitive data transmission between servers. Several studies have addressed this issue by relying on specialized hardware. However, the use of such hardware introduces not only additional costs but also challenges in adopting it on commercial servers because of compatibility issues. In this paper, we propose a software-based mechanism to ensure the security of disaggregated memory systems. Our approach aims to prevent security threats by performing encryption and integrity verification on data transmitted between servers within a disaggregated memory system. To minimize the performance overhead associated with software implementation, our approach overlaps data transmission and decryption, and encrypts only private data. In addition, we optimize the size of encryption metadata to reduce memory overhead. Through empirical evaluations, we demonstrate that our proposed software-based security mechanism incurs negligible additional performance overhead, particularly when the performance overhead from the disaggregated memory system is already minimal.