EAGER: Identifying Security Critical Properties of a Processor

EAGER：识别处理器的安全关键属性

• 批准号: 1651276
• 负责人: Cynthia Sturton
• 金额: $ 15万
• 依托单位: University of North Carolina at Chapel Hill
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-09-15 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1651276&HistoricalAwards=false
• 关键词: EAGER; Identifying; Security; Critical; Properties

This project focuses on shoring up the security vulnerabilities that exist in computer processors. Just like in software, bugs in hardware present vulnerabilities that can be exploited by determined attackers. Prior work has developed a method whereby the processor monitors itself and sends an alert to software whenever dangerous, anomalous behavior is observed. The question of what constitutes dangerous behavior is an open one, and tackling it is the goal of this research. In doing so the project has the potential to make self-monitoring processors practical and efficacious, significantly advancing the state of the art in protecting hardware from malicious attack.The self-monitoring processor works by encoding in hardware the properties that a processor should always maintain and then throwing an exception to software if one of the properties is ever violated. In this project, the researchers develop a semi-automated methodology and tool-chain to identify and build the security-critical properties encoded in a hardware design language. The project uses a set of already-patched bugs of a processor design to automatically create an initial set of security-critical properties, and machine learning techniques to infer an additional set of properties that are not tied to any particular known vulnerability, yet are critical to security.

这个项目的重点是加强存在于计算机处理器中的安全漏洞。就像在软件中一样，硬件中的错误也存在漏洞，可以被坚定的攻击者利用。先前的工作已经开发了一种方法，通过该方法，处理器可以监控自己，并在观察到危险的异常行为时向软件发送警报。什么构成危险行为的问题是一个开放的问题，解决这个问题是这项研究的目标。在这样做的过程中，该项目有可能使自我监控处理器实用和有效，显着推进保护硬件免受恶意攻击的最新技术。自我监控处理器的工作原理是在硬件中编码处理器应该始终保持的属性，然后在其中一个属性被违反时向软件抛出异常。在这个项目中，研究人员开发了一种半自动化的方法和工具链来识别和构建以硬件设计语言编码的安全关键属性。该项目使用一组已经修补的处理器设计错误来自动创建一组初始的安全关键属性，并使用机器学习技术来推断一组与任何特定已知漏洞无关但对安全至关重要的附加属性。

项目成果

End-to-End Automated Exploit Generation for Validating the Security of Processor Designs

• DOI: 10.1109/micro.2018.00071
• 发表时间: 2018-10
• 期刊: 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)
• 作者: Rui Zhang;Calvin Deutschbein;Peng Huang;C. Sturton

Identifying Security Critical Properties for the Dynamic Verification of a Processor

识别处理器动态验证的安全关键属性

• DOI: 10.1145/3037697.3037734
• 发表时间: 2017
• 期刊: Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems
• 作者: Zhang, Rui;Stanley, Natalie;Griggs, Christopher;Chi, Andrew;Sturton, Cynthia
• 通讯作者: Sturton, Cynthia

End-to-End Automated Exploit Generation for Processor Security Validation

用于处理器安全验证的端到端自动漏洞利用生成

• DOI: 10.1109/mdat.2021.3063314
• 发表时间: 2021
• 期刊: IEEE Design & Test
• 影响因子: 2
• 作者: Zhang, Rui;Deutschbein, Calvin;Huang, Peng;Sturton, Cynthia
• 通讯作者: Sturton, Cynthia

A recursive strategy for symbolic execution to find exploits in hardware designs

用于寻找硬件设计漏洞的符号执行递归策略

• DOI: 10.1145/3219763.3219764
• 发表时间: 2018
• 期刊: Proceedings of the 2018 ACM SIGPLAN International Workshop on Formal Methods and Security
• 作者: Zhang, Rui;Sturton, Cynthia
• 通讯作者: Sturton, Cynthia