Collaborative Research: SaTC: CORE: Medium: Leakage-free Isolated Execution: Architectures and Security Models

协作研究：SaTC：核心：中：无泄漏隔离执行：架构和安全模型

• 批准号: 2053383
• 负责人: Nael Abu-Ghazaleh
• 金额: $ 50.54万
• 依托单位: University of California-Riverside
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-07-01 至 2025-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2053383&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Isolated execution is a hardware-supported security model used to protect programs from compromised or untrusted systems such as on the cloud. This project will develop next generation isolated execution systems that improve state-of-the-art along three dimensions. This project will develop a formal theoretical framework to study attacks and defenses and develop new solutions against side channel attacks based on the concept of composable resources.This project is organized into three thrusts. First, defenses against side channel leakage in isolated execution environments based on a new idea of composable resource-lets will be explored: these are fine-grained resources that can be combined to create isolated resource partitions for security. Second, the notion of isolated execution will be extended beyond a CPU to cover a heterogeneous system. Finally, new formalisms that allow reasoning about both vulnerabilities and defenses to reach strong guarantees of security will be introduced. Isolated execution for CPUs is available in products and continues to receive commercial and research interest. This project will substantially improve the security and applicability of isolated execution systems by providing protection against side channel attacks and by extending them beyond the CPU to operate in modern heterogeneous systems. This project will provide research opportunities for underrepresented students. New educational material on isolated execution and heterogeneous system security will be developed and integrated into classes.The project repository (available at https://github.com/seas-ucr/LFIE) will be maintained for at least 3 years beyond the end of the grant. It will hold all software byproducts from the project.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

孤立的执行是一种硬件支持的安全模型，用于保护程序免受受损或不信任的系统（例如云上）。 该项目将开发下一代孤立的执行系统，以改善沿三个维度的最新执行系统。 该项目将开发一个正式的理论框架来研究攻击和防御措施，并根据可合转资源的概念开发针对侧渠道攻击的新解决方案。该项目分为三个推力。首先，将探讨基于新的可组合资源概念的隔离执行环境中对侧渠道泄漏的防御措施：这些是可以组合的精细资源，以创建隔离的资源分区以进行安全性。 其次，隔离执行的概念将延伸到CPU之外，以涵盖异质系统。 最后，将引入有关漏洞和防御能力的推理的新形式主义，以实现强大的安全保证。 CPU的孤立执行可在产品中获得，并继续获得商业和研究兴趣。 该项目将通过提供针对侧渠道攻击的保护，并将其扩展到CPU以外，从而在现代异质系统中运行，从而实质上提高了孤立的执行系统的安全性和适用性。 该项目将为代表性不足的学生提供研究机会。 有关隔离执行和异质系统安全性的新的教育材料将被开发并集成到课堂中。项目存储库（可在https://github.com/seas-ucr/lfie上获得）至少在赠款结束之后至少维护3年。 该奖项将对NSF的法定任务进行奖励，并被认为是值得通过基金会的知识分子优点和更广泛的影响评论标准来评估的。

项目成果

Spy in the GPU-box: Covert and Side Channel Attacks on Multi-GPU Systems

• DOI: 10.1145/3579371.3589080
• 发表时间: 2022-03
• 期刊: Proceedings of the 50th Annual International Symposium on Computer Architecture
• 作者: S. B. Dutta;Hoda Naghibijouybari;Arjun Gupta;Nael B. Abu-Ghazaleh;A. Márquez;K. Barker

Leaky Buddies: Cross-Component Covert Channels on Integrated CPU-GPU Systems

• DOI: 10.1109/isca52012.2021.00080
• 发表时间: 2020-11
• 期刊: 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)
• 作者: Sankha Baran Dutta;Hoda Naghibijouybari;N. Abu-Ghazaleh;A. Márquez;K. Barker

Microarchitectural Attacks in Heterogeneous Systems: A Survey

• DOI: 10.1145/3544102
• 发表时间: 2022-06
• 期刊: ACM Computing Surveys
• 影响因子: 16.6
• 作者: Hoda Naghibijouybari;Esmaeil Mohammadian Koruyeh;Nael B. Abu-Ghazaleh