CAREER: Understanding and Ensuring Secure-by-design Microarchitecture in Modern Era of Computing

职业：理解并确保现代计算时代的安全设计微架构

• 批准号: 2340777
• 负责人: Fan Yao
• 金额: $ 55.69万
• 依托单位: The University of Central Florida Board of Trustees
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-03-01 至 2029-02-28
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2340777&HistoricalAwards=false
• 关键词: CAREER; Understanding; Ensuring; Secure; design

Microarchitectural attacks (i.e., side and covert channels) have opened a new chapter in computer system security. These attacks manifest by exploiting timing observations from microarchitectural events, leading to either illicit communications among isolated entities or exfiltration of private data. Due to the rapid integration of new microarchitecture innovations by both industry and academia, it is widely believed that the microarchitectural attack surface will continuously expand. Therefore, a comprehensive and scalable evaluation of microarchitecture security beyond manual inspection is imperative. This project investigates systematic and automated leakage reasoning techniques on given microarchitecture designs to identify new vulnerable microarchitectural states and discover novel exploitation mechanisms. The project then explores principled mitigation and prevention techniques to thwart microarchitectural information leakage. This project includes the following complementary research efforts: (1) Building models using microarchitecture-level abstraction and constructing model checking-based frameworks that reason timing explicitly for microarchitectural leakage analysis; (2) Developing ways to instantiate microarchitectural vulnerable abstract patterns to ISA-level executions, validate and quantify new leakage attack vectors in both commercial-off-the-shelf hardware and novel microarchitectural mechanisms for future systems; (3) Exploring leakage-free and composable secure microarchitecture schemes with low overhead by employing mitigation techniques according to performance characteristics of the underlying hardware. The proof-of-concept attack/defense artifacts and analysis tools developed from this project could benefit computer architects and system designers in assessing and limiting microarchitectural information leakage. This project also offers extensive opportunities for undergraduate students and under-represented groups to engage in the field of computer architecture and security through a synergy of education and research training efforts. Successful outcomes of this project can provide holistic understandings of microarchitecture security and contribute to the development of secure-by-design architectures in modern and future computing.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

微构造攻击（即侧面和秘密频道）已打开了计算机系统安全性的新章节。这些攻击通过利用微体系事件的定时观测来表现出来，从而导致孤立实体之间的非法通信或私人数据的渗透。由于行业和学术界都将新的微观构造创新迅速整合在一起，因此人们普遍认为，微构造攻击面将不断扩大。因此，必须对手动检查以外的微体系结构安全进行全面的可扩展评估。该项目调查了给定微体系结构设计的系统和自动泄漏推理技术，以识别新的脆弱的微体系状态并发现新颖的剥削机制。然后，该项目探讨了原则缓解和预防技术，以阻止微体系信息泄漏。 该项目包括以下互补研究工作：（1）使用微体系结构级抽象和构建基于模型检查的框架建立模型，这些框架明确地定时进行了微体系泄漏分析； （2）开发方法来实例化微体系脆弱的抽象模式以ISA级执行，验证和量化商业式硬件和新颖的未来系统的新型微构造机制中的新泄漏攻击向量； （3）通过根据基础硬件的性能特征采用缓解技术来探索无泄漏和可组合的安全微体系结构方案，其开销低。该项目开发的概念验证攻击/防御工具和分析工具可以使计算机架构师和系统设计人员在评估和限制微体系图信息泄漏方面受益。该项目还为本科生和代表性不足的团体提供了广泛的机会，可以通过教育和研究培训工作协同作用来从事计算机建筑和安全领域。该项目的成功成果可以提供对微观结构安全性的整体理解，并为现代和未来计算中的安全性逐设计架构的发展做出贡献。该奖项反映了NSF的法定任务，并被认为是通过基金会的知识分子优点和更广泛的影响审查标准来通过评估来获得支持的。