149 research outputs found

    Architectural Support for Protecting Memory Integrity and Confidentiality

    This dissertation describes the efficient design of a tamper-resistant secure processor and a cryptographic memory protection model that will strengthen the security of a computing system. The thesis proposes certain cryptographic and security features integrated into the general purpose processor and computing platform to protect the confidentiality and integrity of digital content stored in a computing system's memory. System designers can take advantage of the availability of the proposed security model to build future security systems such as systems with strong anti-reverse engineering capability, digital content protection systems, or trusted computing systems with strong tamper-proof protection. The thesis explores architecture level optimizations and design trade-offs for supporting a high performance tamper-resistant memory model and micro-processor architecture. It expands the research of the previous studies on tamper-resistant processor design on several fronts. It offers some new architecture and design optimization techniques to further reduce the overhead of memory protection over the previous approaches documented in the literature. Those techniques include prediction based memory decryption and efficient memory integrity verification approaches. It compares different encryption modes applicable to memory protection and evaluates their pros and cons. In addition, the thesis tries to solve some of the security issues that have been largely ignored in the prior art. It presents a detailed investigation of how to integrate confidentiality protection and integrity protection into the out-of-order processor architecture both efficiently and securely. Furthermore, the thesis also expands the coverage of protection from single processor to multi-processor.
    Ph.D. Committee Chair: Dr. Hsien-Hsin Sean Lee; Committee Member: Dr. Doug Blough; Committee Member: Dr. Gabriel H. Loh; Committee Member: Dr. Mustaque Ahamad; Committee Member: Dr. Sung Kyu Li

    Computer science I like proceedings of miniconference on 4.11.2011


    Proceedings of the Workshop on web applications and secure hardware (WASH 2013).

    Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of assurance, such as online banking, mobile payment, and media distribution (DRM), there are significant security and privacy challenges. A potential solution to some of these problems can be found in the use of secure hardware, such as TPMs, ARM TrustZone, virtualisation and secure elements, but these are rarely accessible to web applications or used by web browsers. The First Workshop on Web Applications and Secure Hardware (WASH'13) focused on how secure hardware could be used to enhance web applications and web browsers to provide functionality such as credential storage, attestation and secure execution. This included challenges in compatibility (supporting the same security features despite different user hardware) as well as multi-device scenarios where a device with hardware mechanisms can help provide assurance for systems without. Also of interest were proposals to enhance existing security mechanisms and protocols, security models where the browser is not trusted by the web application, and enhancements to the browser itself.

    Architectural Support for High-Performance, Power-Efficient and Secure Multiprocessor Systems

    High performance systems have been widely adopted in many fields and the demand for better performance is constantly increasing. The need for powerful yet flexible systems is also increasing to meet varying application requirements from diverse domains. Also, power efficiency in high performance computing has been one of the major issues to be resolved. The power density of core components becomes significantly higher, and the fraction of power supply in total management cost is dominant. Providing dependability is also a main concern in large-scale systems since more hardware resources can be abused by attackers. Therefore, designing high-performance, power-efficient and secure systems is crucial to provide adequate performance as well as reliability to users. Adhering to traditional design methodologies for large-scale computing systems has a limit in meeting the demand under restricted resource budgets. Interconnecting a large number of uniprocessor chips to build parallel processing systems is not an efficient solution in terms of performance and power. The chip multiprocessor (CMP) integrates multiple processing cores and caches on a chip and is thought of as a good alternative to previous design trends. In this dissertation, we deal with various design issues of high performance multiprocessor systems based on CMP to achieve both performance and power efficiency while maintaining security. First, we propose a fast and secure off-chip interconnect through minimizing network overheads and providing an efficient security mechanism. Second, we propose architectural support for fast and efficient memory protection in CMP systems, making the best use of the characteristics of CMP environments and multi-threaded workloads. Third, we propose a new router design for network-on-chip (NoC) based on a new memory technique. We introduce hybrid input buffers that use both SRAM and STT-MRAM for better performance as well as power efficiency.
    Simulation results show that the proposed schemes improve the performance of off-chip networks through reducing the message size by 54% on average. Also, the schemes diminish the overheads of bounds checking operations, thus enhancing the overall performance by 11% on average. Adopting hybrid buffers in NoC routers contributes to increasing the network throughput by up to 21%.

    Cross-core Microarchitectural Attacks and Countermeasures

    In the last decade, multi-threaded systems and resource sharing have brought a number of technologies that facilitate our daily tasks in a way we never imagined. Among others, cloud computing has emerged to offer us powerful computational resources without having to physically acquire and install them, while smartphones have almost acquired the same importance desktop computers had a decade ago. This has only been possible thanks to the ever evolving performance optimization improvements made to modern microarchitectures that efficiently manage concurrent usage of hardware resources. One of the aforementioned optimizations is the usage of shared Last Level Caches (LLCs) to balance different CPU core loads and to maintain coherency between shared memory blocks utilized by different cores. The latter, for instance, has enabled concurrent execution of several processes in low RAM devices such as smartphones. Although efficient hardware resource sharing has become the de-facto model for several modern technologies, it also poses a major concern with respect to security. Some of the concurrently executed co-resident processes might in fact be malicious and try to take advantage of hardware proximity. New technologies usually claim to be secure by implementing sandboxing techniques and executing processes in isolated software environments, called Virtual Machines (VMs). However, the design of these isolated environments aims at preventing pure software-based attacks and usually does not consider hardware leakages. In fact, the malicious utilization of hardware resources as covert channels might have severe consequences for the privacy of the customers. Our work demonstrates that malicious customers of such technologies can utilize the LLC as the covert channel to obtain sensitive information from a co-resident victim.
    We show that the LLC is an attractive resource to be targeted by attackers, as it offers high resolution and, unlike previous microarchitectural attacks, does not require core-colocation. Particularly concerning are the cases in which cryptography is compromised, as it is the main component of every security solution. In this sense, the presented work does not only introduce three attack variants that can be applicable in different scenarios, but also demonstrates the ability to recover cryptographic keys (e.g. AES and RSA) and TLS session messages across VMs, bypassing sandboxing techniques. Finally, two countermeasures to prevent microarchitectural attacks in general and LLC attacks in particular from retrieving fine-grain information are presented. Unlike previously proposed countermeasures, ours do not add permanent overheads to the system but can be utilized as preemptive defenses. The first identifies leakages in cryptographic software that can potentially lead to key extraction, and thus can be utilized by cryptographic code designers to ensure the sanity of their libraries before deployment. The second detects microarchitectural attacks embedded into innocent-looking binaries, preventing them from being posted in official application repositories that usually have the full trust of the customer.

    SECURE REAL-TIME SMART GRID COMMUNICATIONS: A MICROGRID PERSPECTIVE

    Microgrids are a key component in the evolution of the power grid. Microgrids are required to operate in both grid connected and standalone island mode using local sources of power. A major challenge in implementing microgrids is the communications and control to support the transition from grid connected mode and operation in island mode. In this dissertation we propose a distributed control architecture to govern the operation of a microgrid. The functional communication requirements of primary, secondary and tertiary microgrid controls are considered. Communication technology media and protocols are laid out and a worst-case availability and latency analysis is provided. Cyber security challenges to microgrids are examined and we propose a secure communication architecture to support microgrid operation and control. A security model, including network, data, and attack models, is defined and a security protocol to address the real-time communication needs of microgrids is proposed. We propose a novel security protocol that is custom tailored to meet those challenges. The chosen solution is discussed in the context of other security options available in the literature. We build and develop a microgrid co-simulation model of both the power system and communication networks, which is used to simulate the two fundamental microgrid power transition functions: transition from island to grid connected mode, and from grid connected to island mode. The proposed distributed control and security architectures are analyzed in terms of performance. We further characterize the response of the power and communication subsystems in emergency situations: forced islanding and forced grid modes. Based on our findings, we generalize the results to the smart grid.