Energy Secure Architecture: A Wish List

Energy optimizations are being aggressively pursued today. Can these optimizations open up security vulnerabilities? In this invited talk at the Energy Secure System Architectures Workshop (run by Pradip Bose from IBM Watson research center) I discussed security implications of energy optimizations, capabilities of attackers, ease of exploitation, and payoff to the attacker. I first presented a mini tutorial on security for computer architects, and a personal research wish list for this emerging topic

Unsupervised Anomaly-based Malware Detection using Hardware Features

Recent works have shown promise in using microarchitectural execution patterns to detect malware programs. These detectors belong to a class of detectors known as signature-based detectors as they catch malware by comparing a program's execution pattern (signature) to execution patterns of known malware programs. In this work, we propose a new class of detectors - anomaly-based hardware malware detectors - that do not require signatures for malware detection, and thus can catch a wider range of malware including potentially novel ones. We use unsupervised machine learning to build profiles of normal program execution based on data from performance counters, and use these profiles to detect significant deviations in program behavior that occur as a result of malware exploitation. We show that real-world exploitation of popular programs such as IE and Adobe PDF Reader on a Windows/x86 platform can be detected with nearly perfect certainty. We also examine the limits and challenges in implementing this approach in face of a sophisticated adversary attempting to evade anomaly-based detection. The proposed detector is complementary to previously proposed signature-based detectors and can be used together to improve security.Comment: 1 page, Latex; added description for feature selection in Section 4, results unchange

The Gestalt: A Secure, High Performance, Low Cost Satellite Ground Station Architecture and its Implementation

In this paper we present The Gestalt, a novel security methodology developed with support from the Office of Naval Research for satellite ground stations systems. While security is often a stated priority for these systems, often it is traded off for better performance, lower cost and reduced design complexity. We identified two main classes of security vulnerabilities that can be exploited by attackers in small-sat systems: 1) intentionally introduced supply chain vulnerabilities in both software and hardware, and 2) inadvertent coding and logic vulnerabilities in code. Our engineering methodology reduces the risk of attacks through four methods: 1. Debloating: Ground stations are complex and involve the integration of many hardware and software systems. This complexity makes them vulnerable to a range of software, and hardware based attacks. Our method of implementing what was previously software functionality in hardware through system debloating achieves this attack surface reduction. 2. Hardware synthesis from Specifications: The use of legacy-free high-level synthesis (HLS) for the specification of processing functions reduces implementation errors, increases productivity, and permits hardware validation using commercial software fuzz testing techniques. 3. Use of hardware scanning techniques: We use a novel method for performing security scans of hardware blocks generated by High-level Synthesis. This step reduces the risk of backdoors inserted by specification developers, attackers modifying the code without knowledge of developers or high-level synthesis tools going undetected. 4. Static memory allocation: A majority of software attacks today are due to memory safety problems in software: Microsoft revealed that 70% of the exploited software vulnerabilities are related to the absence of memory safety. When we use software in the The Gestalt, we take a radical approach to solving the pervasive memory safety problem by completely eliminating the use of dynamic memory. Instead, data processing takes place in hardware using static memory allocation. The result of these approaches is the Exos FEP, a tightly-integrated ground station system that operates in a bit-serial manner. Compared to conventional designs, the Exos FEP achieves high performance by implementing all data processing functions in hardware. Our solution is able to achieve data rates up to 125 Mbps per FPGA in a commodity, commercially cloud-based environment. Perhaps, the most important benefit is a 1000-fold reduction in lines of code compared to state-of-the-art FEP implementation, and achieves Zero Trust supply chain guarantees. With the increased adoption of smallsats, the security problems normally only associated with large military control centers are now spreading to smaller organizations which may not have the necessary security infrastructure to fully understand or cope with the threats. The possibility of using a security-forward approach such as The Gestalt methodology and the resulting ground system architecture and implementation are a promising approach for protecting the smallsat ecosystem

Hybrid Continuous-Discrete Computer: from ISA to Microarchitecture

In this project, we design an instruction set architecture for a proposed hybrid continuous-discrete computer (HCDC) chip. The ISA harnesses the microarchitectural features and analog circuitry provided in the hardware. We describe the workloads that are suitable for the HCDC architecture. The underlying microarchitecture for the HCDC chip, including its controllers, datapaths, and interfaces to analog and digital functional units are specified in detail

Enhanced Instruction Set Randomization Design Space Exploration

The purpose of this work was to analyze design requirements of Instruction Set Randomization defense for Heterogeneous System Architectures

Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads

Vulnerabilities that disclose executable memory pages enable a new class of powerful code reuse attacks that build the attack payload at runtime. In this work, we present Heisenbyte, a system to protect against memory disclosure attacks. Central to Heisenbyte is the concept of destructive code reads – code is garbled right after it is read. Garbling the code after reading it takes away from the attacker her ability to leverage memory disclosure bugs in both static code and dynamically generated just-in-time code. By leveraging existing virtualization support, Heisenbyte’s novel use of destructive code reads sidesteps the problem of incomplete binary disassembly in binaries, and extends protection to close-sourced COTS binaries, which are two major limitations of prior solutions against memory disclosure vulnerabilities. Our experiments demonstrate that Heisenbyte can tolerate some degree of imperfect static analysis in disassembled binaries, while effectively thwarting dynamic code reuse exploits in both static and JIT code, at a modest 1.8% average runtime overhead due to virtualization and 16.5% average overhead due to the destructive code reads

Silencing hardware backdoors.

Abstract-Hardware components can contain hidden backdoors, which can be enabled with catastrophic effects or for ill-gotten profit. These backdoors can be inserted by a malicious insider on the design team or a third-party IP provider. In this paper, we propose techniques that allow us to build trustworthy hardware systems from components designed by untrusted designers or procured from untrusted third-party IP providers. We present the first solution for disabling digital, designlevel hardware backdoors. The principle is that rather than try to discover the malicious logic in the design -an extremely hard problem -we make the backdoor design problem itself intractable to the attacker. The key idea is to scramble inputs that are supplied to the hardware units at runtime, making it infeasible for malicious components to acquire the information they need to perform malicious actions. We show that the proposed techniques cover the attack space of deterministic, digital HDL backdoors, provide probabilistic security guarantees, and can be applied to a wide variety of hardware components. Our evaluation with the SPEC 2006 benchmarks shows negligible performance loss (less than 1% on average) and that our techniques can be integrated into contemporary microprocessor designs

Teaching Microarchitecture through Metaphors

Students traditionally learn microarchitecture by studying textual descriptions with diagrams but few analogies. Several popular textbooks on this topic introduce concepts such as pipelining and caching in the context of simple paper-only architectures. While this instructional style allows important concepts to be covered within a given class period, students have difficulty bridging the gap between what is covered in classes and real-world implementations. Discussing concrete implementations and complications would, however, take too much time. In this paper, we propose a technique of representing microarchitecture building blocks with animated metaphors to accelerate the process of learning about complex microarchitectures. We represent hardware implementations as road networks that include specific patterns of traffic flow found in microarchitectural behavior. Our experiences indicate an 83% improvement to understanding memory system microarchitecture. We believe the mental models developed by these students will serve them in remembering microarchitectural behavior and extend to learning new microarchitectures more easily

A New Doctrine for Hardware Security

In recent years, high-profile hardware attacks have brought attention to the importance of and inadequate state of hardware security. Hardware security remains an elusive challenge because like other areas of security, it is an abnormal good where the economic laws of the free market fail to produce optimal outcomes. Correcting such marketplace failures is generally the role of government or other regulatory agencies and has been proposed and even implemented in some areas of security. However, little if no comparable work has been done in the realm of computer hardware. One explanation for this is that unlike other areas of security, we lack a comprehensive intellectual framework for discussing and reasoning about hardware security. We find that previous doctrines of security either do not apply or offer an incomplete perspective in this domain. We propose a new doctrine of hardware security based on the idea that achieving security is a burden, and that this burden must be shared between all the players in the game of security. Our doctrine serves as a tool for conceptualizing and understanding how hardware security should be regulated and administered

Introduction to Security for Computer Architecture Students

Supplementary material for a graduate computer architecture class (4824) at Columbia