Digital Library[ Search Result ]
A Software-based Secure Disaggregated Memory System on Commodity Servers
Yewon Yong, Taehoon Kim, Sungho Lee, Changdae Kim
http://doi.org/10.5626/JOK.2024.51.9.757
A disaggregated memory system is a technology that consolidates memory from multiple servers. While this technique provides large amounts of memory for applications, it also poses serious security threats due to sensitive data transmission between servers. Several studies have addressed this issue by relying on specialized hardware. However, the use of such hardware introduces not only additional costs but also challenges in adopting it on commercial servers because of compatibility issues. In this paper, we propose a software-based mechanism to ensure the security of disaggregated memory systems. Our approach aims to prevent security threats by performing encryption and integrity verification on data transmitted between servers within a disaggregated memory system. To minimize the performance overhead associated with software implementation, our approach overlaps data transmission and decryption, and encrypts only private data. In addition, we optimize the size of encryption metadata to reduce memory overhead. Through empirical evaluations, we demonstrate that our proposed software-based security mechanism incurs negligible additional performance overhead, particularly when the performance overhead from the disaggregated memory system is already minimal.
Design and Implementation of Efficient Mitigation against Return-oriented Programming
Jeehong Kim, Inhyeok Kim, Changwoo Min, Young Ik Eom
An ROP attack creates gadget sequences which consist of existing code snippets in a program, and hijacks the control flow of a program by chaining and executing gadget sequences consecutively. Existing defense schemes have limitations in that they cause high execution overhead, an increase in the binary size overhead, and a low applicability. In this paper, we solve these problems by introducing zero-sum defender, which is a fast and space-efficient mitigation scheme against ROP attacks. We find a fundamental property of gadget execution in which control flow starts in the middle of a function without a call instruction and ends with a return instruction. So, we exploit this property by monitoring whether the execution is abused by ROP attacks. We achieve a very low runtime overhead with a very small increase in the binary size. In our experimental results, we verified that our defense scheme prevents real world ROP attacks, and we showed that there is only a 2% performance overhead and a 1% binary size increase overhead in several benchmarks.
Search
Journal of KIISE
- ISSN : 2383-630X(Print)
- ISSN : 2383-6296(Electronic)
- KCI Accredited Journal
Editorial Office
- Tel. +82-2-588-9240
- Fax. +82-2-521-1352
- E-mail. chwoo@kiise.or.kr