| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | January 22, 2008 |
| Latest Amendment Date: | April 13, 2012 |
| Award Number: | 0746913 |
| Award Instrument: | Continuing Grant |
| Program Manager: |
Nina Amla
namla@nsf.gov (703)292-7991 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | February 1, 2008 |
| End Date: | January 31, 2015 (Estimated) |
| Total Intended Award Amount: | $425,000.00 |
| Total Awarded Amount to Date: | $433,750.00 |
| Funds Obligated to Date: |
FY 2009 = $170,000.00 FY 2011 = $93,750.00 FY 2012 = $85,000.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
341 PINE TREE RD ITHACA NY US 14850-2820 (607)255-5014 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
341 PINE TREE RD ITHACA NY US 14850-2820 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): |
Special Projects - CNS, ADVANCED NET INFRA & RSCH, COMPUTING PROCESSES & ARTIFACT, TRUSTWORTHY COMPUTING, Secure &Trustworthy Cyberspace |
| Primary Program Source: |
01000910DB NSF RESEARCH & RELATED ACTIVIT 01001112DB NSF RESEARCH & RELATED ACTIVIT 01001213DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
Multi-core architecture with 4 to 8 cores on a die is a reality today and future generations of processors are expected to contain even more cores per chip. This project targets to realize the full potential of large-scale multi-core processors as a secure and trustworthy computing substrate. First, in "many-core" processors, the availability of a large number of processing elements together with constraints on power consumption alleviates the need for heavy time-sharing of resources, which often results in various types of side-channels. This change enables the use of more dedicated and statically allocated resources in this project to provide strong isolation and a simplified trusted software base. Second, many programmable processing elements in large-scale multi-cores can serve as a general substrate for various types of fine-grained inspection. This project is developing a flexible architecture framework for various run-time checks with minimal overheads in order to automatically detect, diagnose, and recover from malicious software attacks. Finally, the project extends the architectural framework to other aspects of trust beyond security, focusing on post-silicon verification, where the dynamic inspection can ensure various correctness properties. The research will deliver the benefits of hardware support in security and verification without requiring dedicated resources for a single fixed mechanism. Users can use each "extended core" for various security purposes, for verification and reliability purposes, or even for general computing. At the same time, the research will also enable highly secure execution environments where critical software components can be better protected.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
This project aimed to realize the full potential of large-scale multi-core processors as a secure and trustworthy computing substrate. While traditional microprocessors often contained only a single main processing core, modern processors include an increasing number of processing cores on a single chip. For example, high-end smartphone chips today use eight main processing cores. This move towards a large-scale multi-core processors presents both opportunities and challenges for building trustworthy computing systems, which this project aimed to address.
The increasing number of processing cores presents an opportunity to use some of them to closely monitor program behaviors at run-time in parallel to other programs. This project developed hardware frameworks that utilize parallel computing resources in multi-core processors to efficiently monitor and detect a wide range of security attacks at run-time. For example, the project showed that comparing multiple diversified copies of a program or explicitly checking security invariants can detect many common security exploits. The project also extended the run-time monitoring frameworks for real-time systems where the worst-case execution time must be guaranteed. This work enables the protection techniques to be applied to safety-critical real-time systems such as airplane and automotive control systems.
The large-scale multi-core processors also present new challenges in building secure systems. For example, recent studies have shown that multiple programs that run concurrently on the same hardware can leak information through interference in shared hardware resources. This project developed new techniques to provide strong isolation of concurrent software components on multi-core systems by removing timing-based information leaks. These techniques provide important building blocks for secure cloud computing platforms where multiple virtual machines are truly isolated.
Another challenge in building secure multi-core systems come from the added complexity in developing correct and secure software programs that need to carefully coordinate multiple parallel computations. As a result, parallel program bugs represent an emerging security threat in the manycore era. This project developed new techniques to detect a broad range of parallel program bugs, including traditional data races as well as new non-race bugs.
For broader impacts, the project included multiple educational activities. For example, the project trained many graduate and undergraduate students through research activities. The research outcomes were used to developed two new graduate-level courses that teach security challenges and techniques to future hardware engineers. The PI also organized summer programs for high school students to encourage underrepresented students to pursue careers in engineering, and provided tutorials on hardware-based security at major computer architecture and security conferences.
Last Modified: 04/27/2015
Modified by: Gookwon E Suh
Please report errors in award information by writing to: awardsearch@nsf.gov.
