Collaborative Research: SaTC: CORE: Medium: Leakage-free Isolated Execution: Architectures and Security Models

协作研究：SaTC：核心：中：无泄漏隔离执行：架构和安全模型

• 批准号: 2053383
• 负责人: Nael Abu-Ghazaleh
• 金额: $ 50.54万
• 依托单位: University of California-Riverside
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-07-01 至 2025-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2053383&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Isolated execution is a hardware-supported security model used to protect programs from compromised or untrusted systems such as on the cloud. This project will develop next generation isolated execution systems that improve state-of-the-art along three dimensions. This project will develop a formal theoretical framework to study attacks and defenses and develop new solutions against side channel attacks based on the concept of composable resources.This project is organized into three thrusts. First, defenses against side channel leakage in isolated execution environments based on a new idea of composable resource-lets will be explored: these are fine-grained resources that can be combined to create isolated resource partitions for security. Second, the notion of isolated execution will be extended beyond a CPU to cover a heterogeneous system. Finally, new formalisms that allow reasoning about both vulnerabilities and defenses to reach strong guarantees of security will be introduced. Isolated execution for CPUs is available in products and continues to receive commercial and research interest. This project will substantially improve the security and applicability of isolated execution systems by providing protection against side channel attacks and by extending them beyond the CPU to operate in modern heterogeneous systems. This project will provide research opportunities for underrepresented students. New educational material on isolated execution and heterogeneous system security will be developed and integrated into classes.The project repository (available at https://github.com/seas-ucr/LFIE) will be maintained for at least 3 years beyond the end of the grant. It will hold all software byproducts from the project.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

隔离执行是一种硬件支持的安全模型，用于保护程序免受受损或不受信任的系统（如云）的影响。 该项目将开发下一代隔离执行系统，提高国家的最先进的沿着三个方面。 本项目将开发一个正式的理论框架来研究攻击和防御，并基于可组合资源的概念开发新的解决方案来对抗侧信道攻击。本项目分为三个方面。首先，防御侧通道泄漏隔离执行环境的基础上的一个新的想法组合资源，让将探讨：这些是细粒度的资源，可以结合起来创建隔离的资源分区的安全性。 其次，隔离执行的概念将扩展到CPU之外，以覆盖异构系统。 最后，新的形式主义，允许推理的漏洞和防御，以达到强有力的安全保证将被引入。 CPU的隔离执行在产品中可用，并继续受到商业和研究兴趣。 该项目将通过提供对侧通道攻击的保护并将其扩展到CPU之外以在现代异构系统中运行，从而大大提高隔离执行系统的安全性和适用性。 该项目将为代表性不足的学生提供研究机会。 关于隔离执行和异构系统安全的新教材将被开发并整合到课堂中。项目存储库（可在https：//github.com/seas-ucr/LFIE获得）将在资助结束后至少维护3年。 该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Spy in the GPU-box: Covert and Side Channel Attacks on Multi-GPU Systems

• DOI: 10.1145/3579371.3589080
• 发表时间: 2022-03
• 期刊: Proceedings of the 50th Annual International Symposium on Computer Architecture
• 作者: S. B. Dutta;Hoda Naghibijouybari;Arjun Gupta;Nael B. Abu-Ghazaleh;A. Márquez;K. Barker

It's all in your head(set): Side-channel attacks on AR/VR systems

• 发表时间: 2023
• 作者: Yicheng Zhang;Carter Slocum;Jiasi Chen;Nael B. Abu-Ghazaleh

Microarchitectural Attacks in Heterogeneous Systems: A Survey

• DOI: 10.1145/3544102
• 发表时间: 2022-06
• 期刊: ACM Computing Surveys
• 影响因子: 16.6
• 作者: Hoda Naghibijouybari;Esmaeil Mohammadian Koruyeh;Nael B. Abu-Ghazaleh

Leaky Buddies: Cross-Component Covert Channels on Integrated CPU-GPU Systems

• DOI: 10.1109/isca52012.2021.00080
• 发表时间: 2020-11
• 期刊: 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)
• 作者: Sankha Baran Dutta;Hoda Naghibijouybari;N. Abu-Ghazaleh;A. Márquez;K. Barker