CRII: SaTC: Mitigating Software-Based Microarchitectural Attacks via Secure Microcode Customization

CRII：SaTC：通过安全微代码定制缓解基于软件的微架构攻击

• 批准号: 1850436
• 负责人: Ashish Venkat
• 金额: $ 17.5万
• 依托单位: University of Virginia Main Campus
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-03-01 至 2022-02-28
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1850436&HistoricalAwards=false
• 关键词: CRII; SaTC; Mitigating; Software; Based

Modern high-performance processors implement complex microarchitectural optimizations involving speculative execution which has recently been shown to be vulnerable to a type of malicious attack called Spectre. This project will investigate a microarchitectural solution framework to secure against such attacks. This framework, called context-sensitive fencing, will seek to automatically track and detect malicious execution patterns dynamically to trigger defense code without programmer intervention and with minimal impact on processor performance.This research will investigate a high performance defense strategy with three novel components: (a) secure microcode customization which leverages the processor's microcode engine to enable the surgical injection of Spectre defense code (e.g., speculation fences) into the dynamic instruction stream without the need for software patching, (b) a decoder-level information flow tracking framework which detects spurious execution patterns that result in the mis-training of core microprocessor structures such as the branch predictor, and (c) microarchitecture hardening mechanisms that shield sensitive microarchitectural structures against the malicious side effects of speculative execution, to further enable a security-aware processor architecture design.The reconfigurable microcode-level defense proposed by this research may address the Spectre attack which affects millions of users. This project will train and mentor graduate and undergraduate students and is expected to facilitate development of a hardware security course to be delivered in-class and online.The results from this research will be disseminated in the form of publications, presentations, design reports, course materials, and source code, and will be hosted publicly for the length of this project and beyond, on the investigator's website at http://www.cs.virginia.edu/venkat.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

现代的高性能处理器实施了复杂的微体系式优化，涉及投机执行，最近已证明这很容易受到一种称为Specter的恶意攻击。 该项目将研究一个微体系式解决方案框架，以保护此类攻击。 This framework, called context-sensitive fencing, will seek to automatically track and detect malicious execution patterns dynamically to trigger defense code without programmer intervention and with minimal impact on processor performance.This research will investigate a high performance defense strategy with three novel components: (a) secure microcode customization which leverages the processor's microcode engine to enable the surgical injection of Spectre defense code (e.g., speculation fences) into the dynamic instruction stream without the need for software patching, (b) a decoder-level information flow tracking framework which detects spurious execution patterns that result in the mis-training of core microprocessor structures such as the branch predictor, and (c) microarchitecture hardening mechanisms that shield sensitive microarchitectural structures against the malicious side effects of speculative execution, to further enable a security-aware processor architecture design.The这项研究提出的可重新配置的微码级防御可能会解决影响数百万用户的幽灵攻击。 该项目将培训和导师的毕业生和本科生，并有望促进开发要在课堂和在线上交付的硬件安全课程。这项研究的结果将以出版物，演示，设计报告，课程材料和源代码的形式传播，并将公开托管该项目的长度，并在该项目的网站上，在研究员的网站上，在研究员的网站上，在研究员的网站上，在研究员的网站上托管。 http://www.cs.virginia.edu/venkat.this奖反映了NSF的法定任务，并且使用基金会的知识分子优点和更广泛的影响审查标准，被认为值得通过评估来获得支持。

项目成果

Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization

• DOI: 10.1145/3297858.3304060
• 发表时间: 2019-04
• 期刊: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems
• 作者: Mohammadkazem Taram;A. Venkat;D. Tullsen

Mitigating Speculative Execution Attacks via Context-Sensitive Fencing

通过上下文敏感防护减轻推测执行攻击

• DOI: 10.1109/mdat.2022.3152633
• 发表时间: 2022
• 期刊: IEEE Design & Test
• 影响因子: 2
• 作者: Taram, Mohammadkazem;Venkat, Ashish;Tullsen, Dean
• 通讯作者: Tullsen, Dean

I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches

我看到死微操作：通过 Intel/AMD 微操作缓存泄露秘密

• DOI: 10.1109/isca52012.2021.00036
• 发表时间: 2021
• 期刊: 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA
• 作者: Ren, Xida;Moody, Logan;Taram, Mohammadkazem;Jordan, Matthew;Tullsen, Dean M.;Venkat, Ashish
• 通讯作者: Venkat, Ashish

Context-Sensitive Decoding: On-Demand Microcode Customization for Security and Energy Management

上下文相关解码：用于安全和能源管理的按需微代码定制

• DOI: 10.1109/mm.2019.2910507
• 发表时间: 2019
• 期刊: IEEE Micro
• 影响因子: 3.6
• 作者: Taram, Mohammadkazem;Venkat, Ashish;Tullsen, Dean M.
• 通讯作者: Tullsen, Dean M.