| Introducing non-volatile memories into the traditional memory system is an effective way to alleviate the storage wall problem.However,due to the device characteristics of NVM,which are completely different from traditional memory devices,such as nonvolatility and poor durability,the important data stored in the memory may be eavesdropped or tampered by malicious attackers through bus monitoring,replay attacks,etc.The persistent memory system faces huge data security threats.Therefore,it is necessary to build a secure persistent memory system for data security threats.The secure persistent memory system uses technical means such as data encryption and integrity verification to solve the security problem of memory data,but it introduces system overhead and reduces overall performance and efficiency.For a secure and persistent encrypted memory system,there is an association between data requests and metadata requests,which leads to request waiting,increases request queuing and processing delay,and affects system efficiency.A memory request scheduling scheme SDA(SDA,Scheduling Scheme Based on Data Type and Access Mode)based on data type and access method is proposed.According to the importance of two different types of data,data and security metadata,a scheduling priority standard for a secure persistent memory system is established,an address conflict judgment circuit is designed,the request type is judged according to the access address,and scheduling is performed according to the SDA scheme,which solves the problem of metadata.Aiming at the problem of frequent verification and "lowercase" in the integrity read verification process due to the mismatch between the existing integrity verification design scheme and the access granularity of NVM devices,an integrity verification scheme CGIVS(CGIVS,Coarse-Grained Integrity Verification Scheme)based on coarse-grained access is proposed.By dividing coarsegrained access groups and sharing verification counters,verification computations can be reduced.Design a new node structure to integrate counters and message authentication codes to reduce "lowercase".The traditional scheduling scheme FCFS,FRFCFS and the latest parallel scheduling scheme WPo R for the new multi-partition NVM memory are used as the baseline.The experiment results show that the use of the SDA scheduling scheme can effectively reduce the delay of the encryption and decryption access process,and the average delay is reduced,and the number of instructions executed per clock is 15%~20% higher than the comparison scheme on average.Comparing the integrity verification scheme of Merkle Tree and Bonsai Merkle Tree with the optimization scheme CGIVS,the performance of the system is improved by about 40% and 11%,respectively.Compared with the integrity verification structure VAULT and Morphable Counters,the space overhead of the CGIVS scheme is reduced by 69.2%. |
