Paper 2022/1472

Cryptographic Protection of Random Access Memory: How Inconspicuous can Hardening Against the most Powerful Adversaries be?

Roberto Avanzi, ARM Germany GmbH
Ionut Mihalcea, ARM (United Kingdom)
David Schall, University of Edinburgh
Héctor Montaner, Graphcore
Andreas Sandberg, ARM (United Kingdom)

For both cloud and client applications, the protection of the confidentiality and integrity of remotely processed information is an increasingly common feature request. It is also a very challenging goal to achieve with reasonable costs in terms of memory overhead and performance penalty. In turn, this usually leads to security posture compromises. In this paper we review the main technologies that have been proposed so far to address this problem, as well as some new techniques and combinations thereof. We systematise the treatment of the protection of data in use by starting with models of the adversaries, thus allowing us to define different, yet consistent protection levels. Several different schemes for memory protection are benchmarked for each protection level. We evaluate storage and performance impacts when the benchmarks are the only running tasks and when simulating a server under load. To make just one example of our results: Using advanced techniques to compress counters can make it viable to store them on-chip -- for instance by adding on-chip DRAM that can be as small as to 1/256th of the off-chip memory. This allows for implementations of memory protection providing full confidentiality, integrity and anti-replay protection with hitherto unattained penalties, especially in combination with the repurposing of ECC bits to store integrity tags. The performance penalty on a server with a saturated memory subsystem can thus be contained under 2% with a memory overhead of 1/256 and even under 1% with a memory overhead of 1/128.

Available format(s)
Publication info
Memory Encryption Memory Integrity Security and privacy Hardware-based security protocols
Contact author(s)
roberto avanzi @ gmail com
ionut mihalcea @ arm com
david schall @ ed ac uk
hector montaner @ outlook com
andreas sandberg @ arm com
2022-12-03: last of 6 revisions
2022-10-27: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial-NoDerivs


      author = {Roberto Avanzi and Ionut Mihalcea and David Schall and Héctor Montaner and Andreas Sandberg},
      title = {Cryptographic Protection of Random Access Memory: How Inconspicuous can Hardening Against the most Powerful Adversaries be?},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1472},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.