SaTC: CORE: Medium: Collaborative: Hardening Off-the-Shelf Software Against Side Channel Attacks

SaTC：核心：媒介：协作：强化现成软件以抵御侧通道攻击

• 批准号: 1954521
• 负责人: Christopher Fletcher
• 金额: $ 30万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2024-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1954521&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; Hardening

Side channel attacks study leakage due to timing variation in software execution, resulting from contention for hardware resources. By analyzing these variations, an attacker can obtain additional information and use it to deduce the victim’s secrets. As proven by Spectre and Meltdown, these side channel attacks pose a severe threat to the security of nearly all computing devices. Given that side channel protection often requires hardware redesign, something must be done in the interim to secure existing software on currently deployed hardware. This project studies transformations on existing software in an attempt to harden it against side channel attacks. The project consists of three main tasks. In Task 1, the project will attempt to reverse engineer various hardware structures in the processor so as to determine where attacks might occur. Next, in Task 2, the project will use the data from Task 1 to design transformations that will protect leaky software against side channels. Finally, Task 3 will develop methods to confirm that the outputs of Task 2 are indeed side channel free. While typical analysis of side channel leakage requires manual effort, Task 3 aims to develop automated tools for leakage detection, avoiding the need for manual analysis.Hardware is the ultimate root of trust, the correctness of which is the foundation to the security of all software. However, unlike software, hardware security has received much less attention, from both academic and industry. Until new and secure hardware becomes available, the proposed project aims to protect existing software deployed on leaky hardware. While the project cannot hope to eliminate all leakage, it does aim to harden existing software, making leakage harder to exploit. Tools and methodologies developed by this project will be used to design safer hardware, as well as help mitigate leakage in existing software. The project will retain all data, simulators, and code produced in a central GIT repository which will be publicly available at github.com.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

侧通道攻击研究由于硬件资源争用而导致的软件执行中的时序变化造成的泄漏。通过分析这些变化，攻击者可以获得更多信息，并使用这些信息来推断受害者的秘密。正如Spectre和Meltdown所证明的那样，这些侧通道攻击对几乎所有计算设备的安全构成了严重威胁。鉴于侧通道保护通常需要重新设计硬件，在此期间必须采取措施保护当前部署的硬件上的现有软件。这个项目研究对现有软件的转换，试图加强它对旁路攻击的防御。该项目由三项主要任务组成。在任务1中，该项目将尝试对处理器中的各种硬件结构进行反向工程，以确定可能发生攻击的位置。接下来，在任务2中，项目将使用任务1中的数据来设计转换，以保护泄漏的软件不受旁路的影响。最后，任务3将开发方法来确认任务2的输出确实是无旁路的。虽然典型的侧通道泄漏分析需要人工进行，但任务3的目标是开发自动检测泄漏的工具，避免手动分析。硬件是信任的最终根源，其正确性是所有软件安全的基础。然而，与软件不同，硬件安全受到学术界和工业界的关注要少得多。在新的和安全的硬件可用之前，拟议的项目旨在保护部署在泄漏硬件上的现有软件。虽然该项目不能指望消除所有漏洞，但它的目标确实是加强现有软件，使漏洞更难被利用。该项目开发的工具和方法将用于设计更安全的硬件，以及帮助减少现有软件的泄漏。该项目将保留中央GIT库中产生的所有数据、模拟器和代码，该库将在githorb.com上公开提供。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

SynthCT: Towards Portable Constant-Time Code

SynthCT：迈向可移植的恒定时间代码

• DOI: 10.14722/ndss.2022.24215
• 发表时间: 2022
• 期刊: NDSS
• 作者: Dinesh, Sushant;Garrett-Grossman, Grant;Fletcher, Christopher W.
• 通讯作者: Fletcher, Christopher W.