SaTC: STARSS: Small: Tackling the Corner Cases: Finding Security Vulnerabilities in CPU Designs

SaTC：STARSS：小型：解决极端情况：查找 CPU 设计中的安全漏洞

• 批准号: 1816637
• 负责人: Cynthia Sturton
• 金额: $ 33.33万
• 依托单位: University of North Carolina at Chapel Hill
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2022-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1816637&HistoricalAwards=false
• 关键词: SaTC; STARSS; Small; Tackling; Corner

Computing hardware including processors, memory banks, and communication busses can harbor vulnerabilities that allow an attacker to gain unauthorized access to the programs and data on a machine. Hardware designers and security experts expend considerable time and effort to eliminate these vulnerabilities early in the design stage. The focus of this research is to support these activities towards improving efficiency and outcomes. In developing the methodologies and tools to find and contextualize hardware security vulnerabilities, this research will move the field of security validation of hardware designs forward.The research targets the security validation of central processing units in the design stage. The project has two goals: 1) To identify security critical properties of a processor. These properties will be stated in a temporal logic over the register transfer level design. 2) To develop the methodology and tools to automatically find and contextualize violations of those properties. A key innovation of this research will be the application of symbolic execution to hardware designs. In order to make symbolically executing a complex hardware design through multiple clock cycles feasible, the research will develop a targeted, backward search strategy.If successful, the project has the potential to significantly reduce the opportunity for a malicious actor to launch an effective attack against hardware, improving the security of computer systems.The tools, testbenches, papers, and presentations resulting from this research will be available at a site linked from https://cs.unc.edu/~csturton.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

包括处理器、内存条和通信总线在内的计算硬件可能存在漏洞，使得攻击者能够在未经授权的情况下访问机器上的程序和数据。硬件设计人员和安全专家花费大量时间和精力在设计阶段早期消除这些漏洞。这项研究的重点是支持这些活动，以提高效率和成果。在开发发现硬件安全漏洞的方法和工具方面，本研究将推动硬件设计安全验证领域的发展，研究目标是在设计阶段对中央处理器进行安全验证。该项目有两个目标：1)确定处理器的安全关键属性。这些属性将在寄存器传送级设计上的时态逻辑中陈述。2)开发方法和工具，以自动发现违反这些财产的行为并将其与背景联系起来。这项研究的一个关键创新是将符号执行应用到硬件设计中。为了通过多个时钟周期象征性地执行复杂的硬件设计，该研究将开发一种有针对性的向后搜索策略。如果成功，该项目有可能显著减少恶意行为者对硬件发动有效攻击的机会，提高计算机系统的安全性。该研究产生的工具、测试台、论文和演示文稿将在https://cs.unc.edu/~csturton.This奖链接的网站上获得，该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Mining Security Critical Linear Temporal Logic Specifications for Processors

采矿安全关键的线性时态逻辑处理器规范

• DOI: 10.1109/mtv.2018.00013
• 发表时间: 2018
• 期刊: 19th International Workshop on Microprocessor and SOC Test and Verification (MTV
• 作者: Deutschbein, Calvin;Sturton, Cynthia
• 通讯作者: Sturton, Cynthia

Evaluating Security Specification Mining for a CISC Architecture

评估 CISC 架构的安全规范挖掘

• DOI: 10.1109/host45689.2020.9300291
• 发表时间: 2020
• 期刊: 2020 IEEE Hardware Oriented Security and Trust (HOST
• 作者: Deutschbein, Calvin;Sturton, Cynthia
• 通讯作者: Sturton, Cynthia

End-to-End Automated Exploit Generation for Processor Security Validation

用于处理器安全验证的端到端自动漏洞利用生成

• DOI: 10.1109/mdat.2021.3063314
• 发表时间: 2021
• 期刊: IEEE Design & Test
• 影响因子: 2
• 作者: Zhang, Rui;Deutschbein, Calvin;Huang, Peng;Sturton, Cynthia
• 通讯作者: Sturton, Cynthia

Isadora: Automated Information Flow Property Generation for Hardware Designs

• DOI: 10.1145/3474376.3487286
• 发表时间: 2021-06
• 期刊: Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security
• 作者: Calvin Deutschbein;Andres Meza;Francesco Restuccia;R. Kastner;C. Sturton

End-to-End Automated Exploit Generation for Validating the Security of Processor Designs

• DOI: 10.1109/micro.2018.00071
• 发表时间: 2018-10
• 期刊: 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)
• 作者: Rui Zhang;Calvin Deutschbein;Peng Huang;C. Sturton