We present Memclave, a software-only framework that brings code integrity and data confidentiality to commodity PIM without hardware changes. A TPM-attested hypervi- sor permanently isolates the PIM’s control plane from host access at boot. On each in-memory core, a trusted loader authenticates the user kernel and establishes a per-session protected data path. Memclave preserves the programming model and kernel code: host applications replace a small set of data-movement calls with secure drop-ins, keeping the trusted computing base small and porting effort low. We implement Memclave on off-the-shelf UPMEM DIMMs and evaluate it across the PrIM benchmark suite, covering heterogeneous memory-access, compute, and synchronization patterns. After a one-time ∼100 ms authenticated load, in-memory kernel time remains close to the PIM baseline: Multilayer Perceptron (MLP) stays within 1.5× at practical sizes, and Breadth–First Search (BFS) is 1.1× on some graphs with modest rise as number of frontier levels increase.
Usenix Security Symposium (USENIX-Security)
2026-06-01
2026-06-23