SaTC: CORE: Small: Language Abstractions for Reconfigurable Hardware Monitors on Manycore Architectures

SaTC：CORE：Small：众核架构上可重新配置硬件监视器的语言抽象

• 批准号: 1936794
• 负责人: Avinash Karanth
• 金额: $ 49.94万
• 依托单位: Ohio University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-05-01 至 2025-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1936794&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Language; Abstractions

Embedded system security is compromised when an attack exploits pre-existing software flaws in order to gain control of program behavior. Even when the software running on embedded hardware is trusted, an attacker can still insert malicious code when the program is running to compromise system security. Therefore, to mitigate such software attacks on embedded systems, it is critical that both hardware and software are holistically combined into an effective system architecture to safeguard and preserve our nation’s interests. This project will systematically and comprehensively explore the implementation of dynamic security policies with high assurance on reconfigurable hardware with significant reduction in power and latency. This research project will foster new research directions in several areas, spanning programming languages, security policies, computer architecture, reconfigurable hardware and applications, with the potential to significantly transform the design of next-generation embedded manycore architectures. All the research findings and simulation toolkits will be disseminated to the community via conference and journal publications, and a dedicated website. The research will also play a major role in education by integrating discovery with teaching and training. This project will continue to expand outreach activities and broaden participation in computing by making the necessary efforts to attract and train minority students in this field. The design and implementation of high-level language abstractions for specification, verification, and implementation of reconfigurable hardware monitors, with specific emphasis on low-overhead defenses against control- and information-flow attacks is proposed in this project. The overarching goal of this project is to dynamically update hardware in response to program behavior in order to monitor precise security policies with minimal overhead (power, area, time). First, this project will develop high-level language abstractions for implementing dynamic security monitors, those that reconfigure at runtime to enforce precise security properties. To provide high assurance, a verified compiler to an idealized hardware description language together with associated tools such as a verified equational theory will be developed. Second, this project will explore the design and implementation of reusable hardware components against which the high-level language abstractions can be compiled both in uni- and manycore environments. The basic building blocks will be aggregated into coarse-grain reconfigurable arrays (CGRA) that can be tailored to program behavior via state and topology reconfiguration. Third, in software, this project will validate security monitors implementing defenses against code- and control-flow injection attacks, among others. In hardware, this project will extensively model and simulate security monitors using simulation tools to evaluate latency, execution time, power and area overhead on benchmark suites. Finally, this project will validate that the proposed hardware monitors that are generated by the high-level security policies will detect and mitigate attacks. This project will result in (1) novel high-level language abstractions for dynamic security policies implemented on reconfigurable hardware; (2) a verified compiler to an idealized hardware description language together with an equational theory; (3) the design and implementation of reusable hardware components (a basic block) that retain state while allowing policy reconfiguration; (4) the aggregation of basic blocks into CGRA that can be tailored to program behavior via state and topology updates for uni- and manycore architectures; and (5) extensive modeling and simulation of hardware monitors that implement defenses against code- and control-flow injection attacks using benchmarks and tools.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

当攻击者利用预先存在的软件缺陷来控制程序行为时，嵌入式系统的安全性就会受到损害。即使在嵌入式硬件上运行的软件是可信的，攻击者仍然可以在程序运行时插入恶意代码以危及系统安全。因此，为了减轻对嵌入式系统的这种软件攻击，至关重要的是，硬件和软件都被整体地结合到一个有效的系统架构中，以保护和维护我们国家的利益。该项目将系统和全面地探索在可重构硬件上实现高保证的动态安全策略，并显著降低功耗和延迟。该研究项目将在多个领域促进新的研究方向，涵盖编程语言，安全策略，计算机体系结构，可重构硬件和应用程序，并有可能显着改变下一代嵌入式众核架构的设计。所有的研究结果和模拟工具包将通过会议和期刊出版物以及一个专门的网站向社区传播。该研究还将通过将发现与教学和培训相结合，在教育中发挥重要作用。该项目将继续扩大外联活动，并通过作出必要努力吸引和培训少数群体学生参与计算。在这个项目中，提出了高层次的语言抽象的规范，验证和可重构硬件监视器的实现，特别强调对控制和信息流攻击的低开销防御的设计和实施。该项目的首要目标是动态更新硬件以响应程序行为，从而以最小的开销（功耗、面积、时间）监控精确的安全策略。 首先，该项目将开发用于实现动态安全监视器的高级语言抽象，这些监视器在运行时重新配置以实施精确的安全属性。为了提供高保证，一个验证编译器的理想化的硬件描述语言连同相关的工具，如验证方程理论将被开发。其次，本项目将探讨可重用硬件组件的设计和实现，针对这些硬件组件，可以在单核和众核环境中编译高级语言抽象。基本构建块将被聚合成粗粒度可重构阵列（CGRA），可以通过状态和拓扑重构来定制程序行为。第三，在软件方面，该项目将验证安全监视器实现对代码和控制流注入攻击的防御。在硬件方面，该项目将使用模拟工具对安全监视器进行广泛的建模和模拟，以评估基准套件的延迟，执行时间，功耗和面积开销。最后，该项目将验证由高级安全策略生成的拟议硬件监视器将检测和减轻攻击。本计画的成果包括：（1）新的高阶语言抽象，用以描述可重组态硬体上的动态安全策略;（2）一个经过验证的编译器，用以编译一个理想化的硬体描述语言与一个方程式理论;（3）可重复使用的硬体元件的设计与实作（基本块）保留状态，同时允许策略重新配置;（4）将基本块聚集到CGRA中，该CGRA可以经由用于单核和众核架构的状态和拓扑更新而被定制为程序行为;以及（5）使用基准测试和工具对硬件监控器进行广泛的建模和仿真，以实现对代码和控制流注入攻击的防御。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Reflections of Cybersecurity Workshop for K-12 Teachers and High School Students

K-12 教师和高中生网络安全研讨会的思考

• DOI: 10.1145/3478432.3499094
• 发表时间: 2022
• 期刊: 54th ACM Technical Symposium on Computer Science Education (SIGCSE'23
• 作者: Mourning, Chad;Juedes, David;Hallman-Thrasher, Allyson;Chenji, Harsha;Kaya, Savas;Karanth, Avinash
• 通讯作者: Karanth, Avinash

Fine-Grain Reconfigurable Logic Circuits for Adaptive and Secure Computing via Work-Function Engineered Schottky Barrier FinFETs

通过功函数设计的肖特基势垒 FinFET 实现自适应和安全计算的细粒度可重构逻辑电路

• DOI: 10.1109/jxcdc.2021.3120977
• 发表时间: 2021
• 期刊: IEEE Journal on Exploratory Solid-State Computational Devices and Circuits
• 影响因子: 2.4
• 作者: Canan, Talha F.;Kaya, Savas;Chenji, Harsha;Karanth, Avinash
• 通讯作者: Karanth, Avinash

DAGGER: Exploiting Language Semantics for Program Security in Embedded Systems

DAGGER：利用语言语义实现嵌入式系统中的程序安全

• 发表时间: 2023
• 期刊: 24th International Symposium on Quality Electronic Design
• 作者: Garrett Cunningham, David Juedes