Metadata-Aware Memory Security

Date

2025-08-05

Publisher

Virginia Tech

Abstract

Cloud computing reduces infrastructure costs by allowing applications to run on shared servers, but it introduces critical memory security challenges, as users lack control over the underlying hardware and the software co-residing on the same server. One security challenge is physical attacks on memory, such as memory bus snooping, which is addressed through hardware-based memory encryption. While effective, encryption often causes significant time (performance) overhead, especially for irregular workloads. Another challenge is side channels caused by memory sharing, where attackers infer sensitive data through cache or DRAM reuse. As a result, cloud providers often disable memory sharing, sacrificing space (capacity) for security.

This thesis focuses on reducing the cost of cloud memory security by optimizing metadata management. It minimizes the time overhead of memory encryption by improving how encryption-related metadata (e.g., write counters) is encoded and accessed. It also addresses the space overhead of memory isolation through a novel coding of the metadata for memory sharing (the physical page number, PPN, of the shared page), enabling secure memory sharing without sacrificing efficiency.

By managing both types of metadata intelligently, this work reduces the time and space costs of secure cloud memory, offering practical solutions for efficient and secure cloud systems.

Keywords

Memory Security, Cache, Memory, Computer Architecture.
