Publications:
- Kazi Abu Zubair, Aziz Mohaisen, Amro Awad, “Filesystem Encryption or Direct-Access for NVM Filesystems?Let’s Have Both!”, in 28th IEEE International Symposium on High-Performance Computer Architecture,HPCA-2022.
- Kazi Abu Zubair, Sudhanva Gurumurthi, Villas Sridharan, Amro Awad, “Soteria: Towards Resilient Integrity-Protected and Encrypted Non-Volatile Memories” in 54th IEEE/ACM International Symposium on Microarchitecture,MICRO-2021.
- Yu Zou, Kazi Abu Zubair, Mazen Alwadi, Rakin Mohammad Shadab, Sanjay Gandham, Amro Awad, Minjie Lin, “ARES: Persistently Secure Non-Volatile Memory with Processor-Transparent And Hardware-Friendly Integrity Verification And Metadata Recovery,” ACM Transactions on Embedded Computing Systems, 2021
- Mazen Alwadi, Kazi Abu Zubair, Aziz Mohaisen, and Amro Awad, “Phoenix: Towards Ultra-Low Overhead, Recoverable, and Persistently Secure NVM,” IEEE Transactions on Dependable and Secure Computing, 2020.
- Kazi Abu Zubiar and Amro Awad, “Ensuring Fast Crash Recovery for Secure NVMs.” in 11th Annual Non-Volatile Memories Workshop, NVMW-2020.
- Kazi Abu Zubiar and Amro Awad, “Anubis: Ultra-Low Overhead and Practical Recovery Time for Secure Non-Volatile Memories.” in 46th International Symposium on Computer Architecture, ISCA-2019
- Mao Ye, Kazi Abu Zubair, Aziz Mohaisen, and Amro Awad, “Towards Low-Cost Mechanisms to Enable Restorationof Encrypted Non-Volatile Memories",IEEE Transactions on Dependable and Secure Computing, 2019
- Amro Awad, Mao Ye, Yan Solihin, Laurent Njilla and Kazi Abu Zubair, “Triad-NVM: Persistency for Integrity-Protected and Encrypted Non-Volatile Memories.” in 46th International Symposium on Computer Architecture, ISCA-2019
- Amro Awad, Suboh Suboh, Kazi Abu Zubair, Mao Ye and Mazen Al-Wadi, “Persistently-Secure Processors: Challenges and Opportunities for Securing Non-Volatile Memories.” in IEEE Computer Society Annual Symposiumon VLSI, ISVLSI-2019.
Filesystems can be hosted in a fast and emerging Non-Volatile Memory (NVM) and accessed directly using the Direct Access (DAX) feature. Unfortunately, such directly accessed filesystems bypasses many filesystem-level operations (due to performance reasons) that are critical in maintaining filesystem security. This work is the first hardware-software co-design that provides filesystem-level security in a DAX filesystem hosted in NVM.
Secure Non-Volatile Memories (NVMs) need to maintain security metadata in NVM, which makes them vulnerable to memory errors. Erroneous security metadata can make gigabytes of data unverifiable and unusable. Moreover, error protection of security metadata is limited to hardware ECC as they are software-transparent. In this paper, we have shown how the availability of security metadata can be significantly improved at an extremely low cost without any complex ECC circuitry.
In this paper, we designed and implemented ARES, a new FPGA-assisted processor-transparent security mechanism. Given the growing prominence of CPU-FPGA heterogeneous computing architectures, ARES leverages FPGA’s hardware reconfigurability to offload performance-critical and security-related functions to the programmable hardware without microprocessors’ involvement. In particular, we propose a Merkle tree cache architecture that partitions a unified cache into multiple levels with parallel accesses and further modify the traditional Merkle tree verification and update processes to fully exploit the parallel cache ports and to fully pipeline time-consuming hashing operations.
In this paper, we extend Anubis to further reduce the cost of guaranteeing fast recovery of parallel Tree-of-Counters (ToC).
A crash-consistent and secure system having Non-Volatile Memory (NVM) must adopt a security metadata recovery mechanism to maintain consistency between data and security metadata. Such a recovery process is time-consuming and can take hours. Anubis is the first work to propose an ultra-fast recovery mechanism that can finish the recovery process in a fraction of a second.
Use of write-back volatile cache for caching security metadata (e.g., encryption counters) can improve performance significantly; however, it also causes post-crash inconsistency between data and security metadata. This paper proposes a low-cost recovery mechanism that can effectively recover encryption counters after a system crash by repurposing the ECC functionality.