CAREER: Integrating Microarchitecture Simulation and Side-Channel Leakage Modeling for Safer Software

职业：集成微架构仿真和侧通道泄漏建模以实现更安全的软件

• 批准号: 2338623
• 负责人: Nader Sehatbakhsh
• 金额: $ 63.75万
• 依托单位: University of California-Los Angeles
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-07-01 至 2029-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2338623&HistoricalAwards=false
• 关键词: CAREER; Integrating; Microarchitecture; Simulation; Side

Computers, ranging from embedded systems to servers, are becoming increasingly pervasive and critical in our lives. Whilst these systems carry out their main function, which is computation, they inadvertently generate traces that could potentially disclose sensitive information through alternative physical or digital pathways known as “side-channels.” As we become increasingly dependent upon computing systems, it is more critical than ever to know how side-channel signals can be created, how side-channel leakage can be modeled, and how future software systems should be designed to be robust against side-channel attacks. This proposal explores new methods and tools for quantifying and modeling side-channels for a wide range of processors. Successful completion of this project brings new methods, findings, and open-source tools for analyzing and quantifying side-channels. Various designers and industries can gain advantages from these techniques and tools, including hardware designers, computer architects, compiler designers, and software developers. Our findings enable the construction of secure software systems while reducing cost and time-to-market. As an integral part of this research program, we also propose an educational agenda involving K-12, undergraduate, graduate, and broader security community education.The overall goal of this research proposal is to build a comprehensive tool for side-channel leakage analysis. To achieve this, we first need to improve our modeling capabilities, particularly for physical side-channels, and then focus on integrating these models into established simulation and analysis tools. Based on these needs, our proposal is structured into two research thrusts and an evaluation plan. Each thrust is further broken down into three main research objectives. The first thrust is focused on building an accurate tool to estimate power and electromagnetic (EM) side-channels at the software level. Using three research objectives, we plan to build a model that can accurately model various processor architectures as well as other important components (e.g., accelerators) on a system-on-chip (SoC). The second thrust is focused on modeling microarchitectural side-channels. Specifically, the main goal is to build a new tool that can combine established binary analysis tools with known side-channel leakage models. The ideas proposed will be evaluated using a detailed evaluation plan. We will apply our methods to a wide variety of systems and setups with different hardware and software designs. We will consider various scenarios including different microarchitecture designs (in-order, out-of-order, multicore) and different side-channels (physical electromagnetic signals, digital cache side-channels, transient/speculative side-channels).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

计算机，从嵌入式系统到服务器，在我们的生活中变得越来越普遍和重要。虽然这些系统执行其主要功能（即计算），但它们无意中生成了可能通过称为“侧通道”的替代物理或数字路径泄露敏感信息的痕迹。随着我们越来越依赖于计算系统，了解如何创建侧信道信号，如何对侧信道泄漏进行建模，以及如何设计未来的软件系统以抵抗侧信道攻击比以往任何时候都更加重要。该提案探索了用于对各种处理器的侧通道进行量化和建模的新方法和工具。该项目的成功完成为分析和量化侧通道带来了新的方法，发现和开源工具。各种设计人员和行业都可以从这些技术和工具中获益，包括硬件设计人员、计算机架构师、编译器设计人员和软件开发人员。我们的研究结果使安全的软件系统的建设，同时降低成本和上市时间。作为本研究计划的一个组成部分，我们还提出了一个教育议程，涉及K-12，本科生，研究生和更广泛的安全社区教育。本研究提案的总体目标是建立一个全面的工具，用于侧通道泄漏分析。为了实现这一目标，我们首先需要提高我们的建模能力，特别是对于物理侧信道，然后专注于将这些模型集成到已建立的仿真和分析工具中。基于这些需求，我们的建议被结构化为两个研究重点和一个评估计划。每一个重点进一步细分为三个主要的研究目标。第一个重点是建立一个准确的工具，以估计功率和电磁（EM）侧通道在软件层面。使用三个研究目标，我们计划建立一个模型，可以准确地模拟各种处理器架构以及其他重要组件（例如，加速器）。第二个重点是对微架构侧通道进行建模。具体而言，主要目标是建立一个新的工具，可以结合联合收割机建立的二元分析工具与已知的侧通道泄漏模型。将使用详细的评估计划对提出的想法进行评估。我们将把我们的方法应用于各种各样的系统和具有不同硬件和软件设计的设置。我们将考虑各种方案，包括不同的微架构设计（有序、无序、多核）和不同的侧通道（物理电磁信号、数字缓存侧通道、瞬态/推测侧通道）。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。