Adaptive security management of real-time storage applications over NAND based storage systems

• Establishing the model of security-critical storage applications based on security protection of NAND flash systems..
• Deriving a dynamic model that captures the vulnerability and utilization constraints in NAND-based storage systems.
• Designing a feedback control loop to guarantee security performance and soft real-time requirements.
• Employing two PI controllers to achieve the utilization and vulnerability control in one framework.

Embedded devices are much easier to be stolen or lost due to the characteristics of mobility and less caring, which may result in the information disclosure and privacy loss without any security protection of critical data. With the advantages of low cost and fast access speed, non-volatile memories (NVMs) like NAND flash memory have become a critical component in building security-critical real-time embedded devices. Therefore, to improve the security protection of NVM-based embedded systems becomes a great challenge. In this paper, we are interested in online optimization of security-sensitive storage applications over modern NVM-based embedded systems, whose workloads are unpredictable but have explicit timing constraint and certain security constraint. Sensitive data must be stored before a specific deadline, otherwise it will lose its validity. To address these challenges, this paper presents a Feedback Vulnerability and Utilization Control (FVUC) mechanism. FVUC employs two proportional–integral controllers, the Utilization Controller and the Vulnerability Controller, to build a big feedback loop which dynamically monitors the system run-time status as well as decides how many flash pages would be encrypted by a cryptography service. Relied on the accurate model and design, FVUC can make a balance between the utilization and vulnerability, and achieve a better overall performance. Based on synthetic experiments, we obtain that FVUC can fully beat other three mechanisms on the overall performance with acceptable time overhead. Equipped with proportional–integral controller, FVUC can make the system more stable than the one with only proportional controller. The proposed mechanism can be utilized to resist on-line confidential attack and even achieve the off-line privacy protection when embedded devices are lost or stolen.