CAREER: A Quantitative Framework for Analyzing and Mitigating Microarchitectural Side Channels

职业：分析和缓解微架构侧通道的定量框架

• 批准号: 2046359
• 负责人: Mengjia Yan
• 金额: $ 51.2万
• 依托单位: Massachusetts Institute of Technology
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-02-15 至 2026-01-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2046359&HistoricalAwards=false
• 关键词: CAREER; Quantitative; Framework; Analyzing; Mitigating

Microarchitectural side-channel attacks that breach processor security and broadly affect computer systems have become one of the major security threats. Those attacks exploit the fact that software, when executing on modern processors, leaves traces on microarchitecture structures, and the traces can reveal private user information. Current defenses against microarchitectural side-channel attacks aim to reduce information leakage but unavoidably incur performance overhead, because they lose the capability of fully exploiting performance optimizations in computing systems. This project will develop a toolset to enable productive trade-offs between security and performance in mitigating microarchitectural side-channel attacks.The project tackles fundamental research problems in designing, evaluating, and using channel obfuscation techniques. The technical approach is to frame microarchitectural side channels, a computer architecture security problem, as a communication problem, and constructs quantitative channel models for microarchitectural structures. The first project thrust constructs the quantitative channel models, characterizing and quantifying the impacts of complex hardware events. The second thrust uses the channel models to measure the information leakage of the applications running on obfuscated architectures. The third thrust explores co-design channel obfuscation techniques with existing mitigation and detection solutions.The project will develop a toolset to mitigate microarchitectural side-channel attacks efficiently. The toolset can benefit a wide range of people who design, manage, and use computing systems, including computer architects, system administrators, and software developers. In addition, this project will initiate an effort on course offerings in the area of hardware security at Massachusetts of Technology. This project will also offer research opportunities to undergraduate students and under-represented minorities. This project will store all publications, code, and data-sets on public-facing websites, hosted at Massachusetts of Technology for at least 3 years after the end of the project. This information will be made available via commercial websites. Links to these websites will be mirrored at http://people.csail.mit.edu/mengjia/projects.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

微体系结构侧信道攻击破坏处理器的安全性，广泛影响计算机系统，已成为主要的安全威胁之一。这些攻击利用了这样一个事实，即软件在现代处理器上运行时，会在微架构结构上留下痕迹，而这些痕迹可能会泄露私人用户信息。当前针对微架构侧通道攻击的防御旨在减少信息泄漏，但不可避免地会带来性能开销，因为它们失去了在计算系统中充分利用性能优化的能力。该项目将开发一个工具集，以便在安全性和性能之间进行有效的权衡，以减轻微架构侧信道攻击。该项目解决了设计、评估和使用信道混淆技术的基本研究问题。技术方法是将微体系结构侧信道（计算机体系结构安全问题）作为通信问题，并构建微体系结构的定量信道模型。第一个项目推力构建了定量渠道模型，描述和量化了复杂硬件事件的影响。第二个要点使用通道模型来度量运行在模糊体系结构上的应用程序的信息泄漏。第三个重点探讨了现有缓解和检测解决方案的共同设计通道混淆技术。该项目将开发一个工具集来有效地减轻微架构侧信道攻击。该工具集可以使设计、管理和使用计算系统的广泛人员受益，包括计算机架构师、系统管理员和软件开发人员。此外，该项目还将启动麻省理工学院硬件安全领域的课程设置。该项目还将为本科生和少数族裔提供研究机会。该项目将在面向公众的网站上存储所有出版物、代码和数据集，在项目结束后的至少3年内托管在麻省理工学院。这些信息将通过商业网站提供。这些网站的链接将在http://people.csail.mit.edu/mengjia/projects.This上得到反映，该奖项反映了美国国家科学基金会的法定使命，并通过基金会的知识价值和更广泛的影响审查标准进行评估，认为值得支持。

项目成果

EntryBleed: A Universal KASLR Bypass against KPTI on Linux

• DOI: 10.1145/3623652.3623669
• 发表时间: 2023-10
• 期刊: Proceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy
• 作者: William Liu;Joseph Ravichandran;Mengjia Yan

Pensieve: Microarchitectural Modeling for Security Evaluation

Pensieve：用于安全评估的微架构建模

• DOI: 10.1145/3579371.3589094
• 发表时间: 2023
• 期刊: ACM
• 作者: Yang, Yuheng;Bourgeat, Thomas;Lau, Stella;Yan, Mengjia
• 通讯作者: Yan, Mengjia

Metior: A Comprehensive Model to Evaluate Obfuscating Side-Channel Defense Schemes

Metior：评估混淆侧通道防御方案的综合模型

• DOI: 10.1145/3579371.3589073
• 发表时间: 2023
• 期刊: 49th Annual International Symposium on Computer Architecture
• 作者: Deutsch, Peter W.;Na, Weon Taek;Bourgeat, Thomas;Emer, Joel S.;Yan, Mengjia
• 通讯作者: Yan, Mengjia

There’s Always a Bigger Fish: A Clarifying Analysis of a Machine-Learning-Assisted Side-Channel Attack

总有更大的鱼：机器学习辅助侧通道攻击的澄清分析

• DOI: 10.1109/mm.2023.3273457
• 发表时间: 2023
• 期刊: IEEE Micro
• 影响因子: 3.6
• 作者: Cook, Jack;Drean, Jules;Behrens, Jonathan;Yan, Mengjia
• 通讯作者: Yan, Mengjia