Computer systems have become a part of everyday life. As computer systems are found in more devices in a greater number of critical roles, data integrity, including security, has become a greater issue for systems designers. Security threats generally seek to gain control of the system or information held thereon. While tools such as encrypting network traffic have been effective at counteracting security threats originating from outside of a given system, some threats attack the heart of the computer system by attempting to glean information directly from the computer system's processors or operating memory (e.g., memory used to hold a current system state, such as random-access memory (RAM) or the like).
The number of hardware attacks (both invasive and non-invasive) are growing, hoping to gain access to the large amount of sensitive data on computer systems that may be held outside of a processor's trusted zone (e.g. in dynamic RAM (DRAM)). To combat these threats, secure architectures and cryptographic methods are implemented to protect memory operations to prevent an intruder from maliciously tampering with, or gaining access to, the data stored in the memory. The secure architectures generally use three cryptographic primitives: confidentiality; integrity; and freshness.
Confidentiality ensures the privacy of data by encrypting data before it is written to the memory and decrypting the data from the memory. Integrity ensures that the saved data has not been modified (e.g., corrupted or adulterated). Freshness ensures that data is versioned such that old data cannot be reused (e.g., it prevent replay attacks in which valid, but old data is used by an attacker).
In addition to security, protection against data corruption, such as may be caused by energized particles, has also been employed in memories. Memory is often designed as a combination of a controller and data storage. A requesting entity (e.g., user, program, host, etc.) sends read or write requests to a controller, which then stores the data on the storage medium. Operationally, memory is exposed as an array of addressable blocks of a given size (e.g., 512 bits). Read and write operations generally involve one or more addresses being given to the controller, the controller then transforming each request to one or more requests to the data storage. As part of this transformation, the controller may modify the data by, for example, encrypting the data or computing error correction codes (ECCs).
The data storage is often viewed as an array of storage blocks, with basic operations that include reading and writing an entire block at a time. ECC memory typically includes additional space to hold ECCs, resulting in larger storage blocks for the basic operations. For example, a storage block may contain 512 bits for the data and 64 or 128 bits for the ECC data. Generally, the storage is designed such that the additional ECC area is retrieved along with the data (e.g., via a parallel integrated circuit (IC) tied to the storage block address, or via larger storage blocks, etc.). The ECC codes generally provide error detection, and possibly error recovery. In some cases, the controller performs the error detection or correction based on the ECC codes as part of satisfying a read request.