Embedded non-volatile memory (eNVM) enhances computational efficiency and data retention but introduces multifaceted security risks—including side-channel attacks, fault injection, probe analysis, information leakage, denial-of-service (DoS), and thermal attacks—stemming from its intrinsic physical properties (e.g., data retention) and architectural design. Method: This work establishes the first comprehensive, multi-dimensional security taxonomy for eNVM, integrating architectural security analysis, multimodal physical/logical threat modeling, evaluation of PUF/TRNG and obfuscation techniques, and bibliometric trend analysis. Contribution/Results: We propose a security threat–countermeasure mapping matrix that exposes the inherent tension between data retention and security; identify critical research gaps; clarify eNVM’s dual-role nature—as both enabler and vulnerability—in SoC trusted roots; and provide a systematic design guideline for high-assurance eNVM architectures.

The modern semiconductor industry requires memory solutions that can keep pace with the high-speed demands of high-performance computing. Embedded non-volatile memories (eNVMs) address these requirements by offering faster access to stored data at an improved computational throughput and efficiency. Furthermore, these technologies offer numerous appealing features, including limited area-energy-runtime budget and data retention capabilities. Among these, the data retention feature of eNVMs has garnered particular interest within the semiconductor community. Although this property allows eNVMs to retain data even in the absence of a continuous power supply, it also introduces some vulnerabilities, prompting security concerns. These concerns have sparked increased interest in examining the broader security implications associated with eNVM technologies. This paper examines the security aspects of eNVMs by discussing the reasons for vulnerabilities in specific memories from an architectural point of view. Additionally, this paper extensively reviews eNVM-based security primitives, such as physically unclonable functions and true random number generators, as well as techniques like logic obfuscation. The paper also explores a broad spectrum of security threats to eNVMs, including physical attacks such as side-channel attacks, fault injection, and probing, as well as logical threats like information leakage, denial-of-service, and thermal attacks. Finally, the paper presents a study of publication trends in the eNVM domain since the early 2000s, reflecting the rising momentum and research activity in this field.