Collaborative Research: SaTC: CORE: Medium: Systematic Detection Of and Defenses Against Next-Generation Microarchitectural Attacks

协作研究：SaTC：核心：中：下一代微架构攻击的系统检测和防御

• 批准号: 2153388
• 负责人: David Kohlbrenner
• 金额: $ 40万
• 依托单位: University of Washington
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2153388&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

It is difficult to compute on sensitive data without inadvertently leaking it to the wrong party. Making matters worse, processor design significantly exacerbates this problem. Specifically, processors are made up of performance optimizations (called microarchitecture). Research has shown how a savvy attacker can manipulate microarchitecture to leak sensitive data. This project’s novelties are to design methodologies and tools for analyzing microarchitecture through a security lens: capturing its potential to leak sensitive data and providing actionable feedback to hardware designers and software writers to help avoid sensitive data breaches at both hardware design time and software run time. The project’s broader impact and importance is to develop a means for building efficient, secure processors—i.e., those where performance and security are not mutually exclusive.The project is broken into two synergistic thrusts. Thrust 1, Analysis, develops techniques for understanding and succinctly characterizing the information leakage potential of microarchitectural components (at various stages in their development) when they are integrated into a larger design. Thrust 2, Hardening, develops techniques for using said characterizations (specifications), e.g., generated by thrust 1, to derive software mitigations. In both thrusts, a major goal is to develop techniques that can be automated. Correspondingly, by the end of the project, the goal is to develop and disseminate a complete end-to-end prototype framework that can be used alongside traditional hardware design flows to 1) enable security-efficiency co-design by hardware engineers and 2) protect programs when run on previously analyzed microarchitectures.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

很难在不无意中将敏感数据泄露给错误的一方的情况下计算敏感数据。 更糟糕的是，处理器设计大大加剧了这个问题。 具体来说，处理器由性能优化（称为微架构）组成。 研究表明，精明的攻击者可以操纵微体系结构来泄露敏感数据。 该项目的新颖之处在于设计通过安全透镜分析微体系结构的方法和工具：捕获其泄漏敏感数据的可能性，并向硬件设计人员和软件编写人员提供可操作的反馈，以帮助避免在硬件设计时和软件运行时的敏感数据泄露。 该项目更广泛的影响和重要性是开发一种构建高效、安全的处理器的方法，即，性能和安全性并不相互排斥。该项目分为两个协同推进。 重点1，分析，开发技术，用于理解和简洁地描述微架构组件（在其开发的各个阶段）集成到更大的设计中时的信息泄漏潜力。推力2，硬化，开发用于使用所述表征（规范）的技术，例如，由推力1生成，以导出软件缓解措施。在这两个方面，一个主要目标是开发可以自动化的技术。相应地，在项目结束时，其目标是开发和推广一个完整的端到端原型框架，该框架可以与传统的硬件设计流程一起使用，以1）使硬件工程师能够进行安全-效率协同设计; 2）该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准。