Cachet: Low-Overhead Integrity Verification on Metadata Cache in Secure Nonvolatile Memory Systems

Data confidentiality, integrity, and persistence are essential in secure nonvolatile memory (NVM) systems. However, coupling authenticated memory encryption with security metadata persistence incurs nonnegligible performance overheads. Particularly, the integrity update process for the metadata cache bottlenecks execution performance. In this article, we propose Cachet, a novel integrity verification scheme. Instead of integrity trees, which require multiple hash calculations to update their integrity, Cachet employs set hash functions to authenticate the metadata cache. The observation that underlies Cachet is that the integrity of the metadata cache is never verified at runtime, and the recovery process necessitates the restoration of all data within the metadata cache. Cachet allows the metadata integrity update with two parallel hash calculations, without imposing additional overheads during system recovery. Our evaluation results show that Cachet reduces execution time by 21%, NVM writes by 30%, and power consumption overheads by 22% compared to state-of-the-art solutions.