Ensuring Data Confidentiality in eADR-Based NVM Systems

Extended Asynchronous DRAM Refresh (eADR) proposed by Intel extends the persistence domain from the Non-Volatile Memory (NVM) to CPU caches and offers the persistence guarantee. Due to allowing lazy persistence and decreasing the amounts of instructions, eADR-based NVM systems significantly improve performance. When the persistence boundary moves up to caches for high performance, existing designs however fail to provide efficient encryption schemes to ensure data confidentiality in eADR-based NVM systems. Once the system crashes, eADR has to flush the un-encrypted data from the cache into NVM, in which security issues occur due to the persistence of caches. In order to ensure data confidentiality, in eADR-based NVM systems, we propose a cost-efficient Sepencr that is able to encrypt the cached data. Our evaluation results show that compared with directly encrypting data in the cache, our design significantly reduces system overheads while efficiently ensuring data confidentiality.