CAREER: Security as a First-Class Design Constraint in Computer Architecture

About This Grant

Computers are part of our everyday lives yet the hardware we use is subject to complex security vulnerabilities. Current vulnerability detection approaches at the hardware level focus on post-hoc patches applied after hardware is deployed, but to date these solutions have been short-lived and inadequate for long term protection. Furthermore, standard methods to evaluate security at the computer hardware level are basically non-existent, leading to ad-hoc custom solutions. As a result, industry stakeholders do not have the tools they need to compare the security of different architectural designs and cannot make informed decisions about the trade-offs between performance and security. This project proposes new abstract methods for reasoning about hardware vulnerabilities and builds an evaluation infrastructure that can be easily integrated into commonly used hardware design tools to incorporate security metrics. In addition, this project investigates a new angle for reasoning about vulnerabilities at the computer architecture (or microarchitectural) level resulting in more robust hardware designs. This project introduces a new programming interface for programs to state the desired memory region to be used and an abstract model to represent vulnerable microarchitectural structures. The outcomes of this project have the potential to help industry identify security challenges at hardware design time and make informed decisions about security tradeoffs. The microarchitectural attacks and defenses topics are introduced to computer engineering education as standard modules in both undergraduate and graduate level courses. The developed computer engineering course within the Precollegiate Development Program brings computer engineering concepts to a diverse population of high-school students. The project addresses modern vulnerabilities in the microarchitecture by introducing a new interface to represent expected regions of memory. This new interface helps address the root of most microarchitectural vulnerabilities: the unauthorized access to sensitive data. The project further explores a method to differentiate “normal” from “abnormal” memory access patterns and then uses the normal memory region to establish protection mechanisms. In addition, it expands gem5, a commonly used performance evaluation tool, with abstract-based models that represent microarchitectural attacks to enable computer experts to reason about security challenges. The project includes several case studies in which the proposed security evaluation methods can shed light of the security or insecurity of microarchitectural designs. The novelty of this work lays in exploring a new angle for mitigating microarchitectural vulnerabilities and for exploring security metrics that can be incorporated into the existing hardware design cycle. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.