面向敏感进程的相变内存加密方法

Sensitive-process oriented memory encryption for PCM

相变内存(PCM)由于非易失的特点,其应用受到了安全性问题的挑战。研究人员提出了很多内存加密方法来保护内存中数据的机密性,这些技术主要是对全对内存进行加密,增加了系统性能的开销。本文提出基于敏感进程的相变内存加密方法,采用三级计数器,有效消除计数器溢出的可能性;采用进程空间地址作为加密种子的组成部分,可支持虚拟内存功能;针对进程内存空间中的数据,使用计数器模式加密,针对共享内存空间,使用直接加密模式进行加密,从而支持了进程间调用功能。本文提出的方法只对敏感进程的内存数据进行加密,大幅减少了加解密数据的数量,有效降低内存加密对系统性能的损耗。

Because of non-volatile feature of phase change memory （PCM） , the usage of PCM has the challenges of security is-sues. Researchers have proposed memory encryption technologies to protect data in memory, which mainly aim at the whole memory, but introduce much cost of system performance. This paper presents an approach of memory encryption based on sensi-tive processes. It has three-level counters based on counter-mode encryption to eliminate the possibility of counter overflow？ uses process address as a part of seed to support virtual memory, uses counter-mode encryption for data in process memory, and uses direct encryption for shared memory to support inter-process call. This approach only encrypts the data accessed by process, so that it can reduce total amount of encryption data and performance cost effectively.