CAREER: Enabling Robust and Adaptive Architectures through a Decoupled Security-Centric Hardware/Software Stack

职业：通过解耦的以安全为中心的硬件/软件堆栈实现鲁棒性和自适应架构

• 批准号: 2238548
• 负责人: Ashish Venkat
• 金额: $ 50.96万
• 依托单位: University of Virginia Main Campus
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2028-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2238548&HistoricalAwards=false
• 关键词: CAREER; Enabling; Robust; Adaptive; Architectures

The growing complexity in modern systems has placed substantial limits on our ability to comprehensively assess threats and deploy timely mitigations. According to Google’s Project Zero, a new exploit is discovered in the wild every 17 days, although it takes an average of 15 days across all vendors to patch a vulnerability, highlighting the inability of existing solutions to scale with the rapidly evolving threat landscape. This project takes a radically new approach by developing a holistic security-centric hardware/software stack that is decoupled from the Instruction Set Architecture (ISA), so as to empower software to dynamically push expressive security policies to hardware, where they can be transparently and efficiently enforced on-demand and in-the-field through novel hardware design mechanisms, without the need for recompilation, redeployment, and frequent hardware upgrades. This work is expected to significantly enhance robustness, versatility, flexibility, and adaptability of modern architectures in the range and types of exploits they can mitigate, while simultaneously minimizing both the time to mitigation and the cost of deployment. This project will also address the urgent need to boost the nation’s cybersecurity workforce through (a) curriculum development and ethical hacking workshops targeted at high school, college, and professional students, (b) development of community research infrastructure and evaluation testbeds for rapid assessment of security policies, and (c) research mentorship of undergraduate and underrepresented students on security-related projects. This project entails three synergistic research thrusts that together enable a holistic full system across-the-stack solution for timely mitigation of exploits. The first thrust will develop a decoupled security-centric hardware/software interface to allow software to capture interactions and relationships among the different subjects and objects in the system and specify an expressive set of security policies in the form of logic formulas, to mitigate a wide range of hardware and software attacks ranging from memory and type safety to transient execution attacks. The second thrust will develop novel hardware design mechanisms and microcode primitives to evaluate and enforce the security policies specified in software, while maintaining high levels of performance with minimal impact on power and area. The third thrust will develop innovative hardware-based attribute tracking mechanisms to transparently track the flow of high-level software attributes, during execution, to enhance the effectiveness of the underlying hardware enforcement mechanisms.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

现代系统中日益增长的复杂性已对我们全面评估威胁和及时缓解的能力造成了重大限制。根据Google的项目零项目，每17天在野外发现了一个新的漏洞，尽管所有供应商平均需要15天的时间来修补脆弱性，这突出了现有解决方案无法随着迅速发展的威胁格局的规模扩展。该项目通过开发一个从指令集体系结构（ISA）解耦的整体以安全性硬件/软件堆栈的形式采用根本性的新方法，以使软件能够将表达性的安全策略推向硬件，在这些硬件上可以透明地有效地强制执行通过新硬件设计，而无需将其用于繁重的机制，以使其在不需要的机构上进行综合，并逐渐销售。预计这项工作将显着升级，可提高现代体系结构在他们可以减轻的利用范围和类型中的鲁棒性，多功能性，灵活性和适应性，同时将缓解时间和部署成本降至最低。该项目还将解决迫切需要通过（a）针对高中，大学和专业学生的课程开发和道德黑客式工作坊来促进国家的网络安全劳动力，（b）开发社区研究基础设施和评估测试床，以快速评估安全政策的快速评估，以及（c）不足的学生和不足学生的研究性研究性的研究性，并培养了较低的学生。该项目需要进行三项协同研究，共同使整个堆栈解决方案的整体完整系统共同及时缓解利用。第一个推力将开发以安全性为中心的硬件/软件接口，以允许软件捕获系统中不同主题和对象之间的交互和关系，并以逻辑公式的形式指定一组表达性的安全策略集，以减轻各种硬件和软件攻击，从而范围范围范围，从而范围范围范围，包括内存和类型的安全性攻击，并输入安全性执行攻击。第二个推力将开发出新颖的硬件设计机制和微型原始图，以评估和执行软件中指定的安全策略，同时维持高级别的性能，对功率和区域的影响最小。第三个推力将开发基于硬件的属性跟踪机制，以透明地跟踪执行过程中高级软件属性的流动，以增强基础硬件执行机制的有效性。这奖反映了NSF的法定任务，并通过对基金会的知识优点和广泛的影响来评估，认为NSF的法定任务是珍贵的，并通过评估来获得支持。