In modern secure memory systems, confidentiality and integrity protection add additional metadata (called security metadata) that are accessed during memory data accesses. Security metadata are cached in on-chip metadata caches to reduce the access cost. However, prior studies overlook the differences between security metadata caching and data caching. Metadata caches are managed similarly to data caches.

We identify three special features of security metadata caching. Due to these features, existing management methods face two problems. First, there are frequent security metadata accesses and many metadata cache misses, because the best metric (i.e., reuse distance) used to select replacement victims in data caches is suboptimal for metadata caches. Second, the miss penalty is large since misses suffer from long security metadata update and verification chains. The two problems significantly increase data access latency, thereby degrading system performance.

We propose SECRET, a security metadata oriented cache management framework. SECRET reduces accesses and misses by selecting victims based on a new metric superior to reuse distances, called the connections between cached security metadata. We identify this metric by developing an optimal replacement decision search approach and analyzing the optimal decisions. SECRET reduces the miss penalty by actively breaking update chains and parallelizing verification chains. Experimental results show that SECRET reduces the data read (write) latency by 30.2% (59.9%) and improves system performance by 26.2% compared with the state-of-the-art designs.