| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | August 14, 2018 |
| Latest Amendment Date: | August 14, 2018 |
| Award Number: | 1814190 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Daniela Oliveira
doliveir@nsf.gov (703)292-0000 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | October 1, 2018 |
| End Date: | September 30, 2021 (Estimated) |
| Total Intended Award Amount: | $165,597.00 |
| Total Awarded Amount to Date: | $165,597.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
1 NASSAU HALL PRINCETON NJ US 08544-2001 (609)258-3090 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
87 Prospect Avenue, 2nd floor Princeton NJ US 08544-2020 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
|
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
This project will develop new open-source processor architectures with advanced security features. The security features will be added to existing open-source processors to help protect the confidentiality and integrity of data and to protect against side-channel attacks. Beyond the design, the project will also provide new methodology to verify the proposed security feature, to provide assurance that the processor hardware itself is provably secure.
The first thrust of the project focuses on side-channel protections, especially of processor caches, and other functional units that can be exploited to leak secret information. It further adds security counters and new means to protect trusted software modules. The second thrust focuses on the design of the security verification approaches for hardware, including the use of satisfiability modulo theories (SMT) based solvers and temporal logics.
If successful, this will make open-source processors and their applications more secure against attacks. It will enable the academic community to further develop and extend the capabilities of the ope-source secure processor and further education in hardware security.
All artefacts developed by this project will be available online at http://caslab.csl.yale.edu/code/ or http://palms.ee.princeton.edu. The web sites will be maintained for the duration of the project and as long as the research groups involved in this project are active.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
Project Outcomes:
Design and Security Verification of Next-Generation Open-Source Processors
PI Ruby Lee, Princeton University
The goal of our project was to explore advanced security features for next-generation open-source processors. We studied hardware defenses for known and new attacks, and new approaches for improving security using deep learning. We studied security defenses for cache side-channel attacks and the recent devastating speculative execution attacks on microprocessors. We focused initially on the open source RISC-V processors, then broadened this to all microprocessors.
Speculative execution attacks exploit hardware performance optimization features to illegally access secret information, then leak the secrets to an unauthorized recipient. New speculative attacks keep appearing since Spectre and Meltdown first appeared in January 2018. Our work includes providing new insights into these attacks by 1) modelling speculative execution attacks with similar attack graphs, 2) identifying missing security links in these attack graphs that can prevent these attacks which we call "security dependencies" and 3) systematizing the hardware defenses that can be (and have been) proposed to defeat these speculative attacks. We identified the critical attack steps in all speculative attacks and showed how preventing one of these steps can defeat the attack, and how security-performance tradeoffs can be made safely to improve performance without allowing information leakage.
We believe that one of the most important features for improving security in future processors is by using deep learning techniques. Towards this end, we showed how deep learning can improve security across very different computer systems, from power-grid controllers, smartphones, IOT devices, to cloud computers. We showed how a tiny hardware module can be added to detect anomalous behavior in a smartphone to detect imposter usage of the smartphone. This won the Best Paper award at the TinyML Research Symposium in 2021. Based on the same deep learning and statistical algorithms, anomalous behavior in controllers for critical infrastructures like the power-grid can be detected in real-time with extremely high accuracy. We also showed that a pre-trained deep learning model, enhanced with more advanced statistical techniques, can detect anomalous behavior in cloud computing servers. Furthermore, we show how to distinguish between benign anomalies and malicious anomalies (i.e., attacks) to reduce false alarms.
Finally, we showed a methodology for practical and scalable security verification of computer systems which are larger and more complicated than what formal methods can typically handle. This can contribute to the assurance of hardware-software security systems and is especially useful in the design stage for security architectures where changes can be made more easily.
By providing better security for next generation processors, the broader impact of this work can improve the security of all computer systems and computing devices that we use in our every day lives. It also can improve information security and privacy and the security of all digital infrastructures.
Selected publications:
[1] Zecheng He, Guangyuan Hu, Ruby B. Lee, "New Models for Understanding and Reasoning about Speculative Execution Attacks", IEEE International Symposium on High-Performance Computer Architecture (HPCA), April 2021. DOI: 10.1109/HPCA51647.2021.00014
[2] Guangyuan Hu, Zecheng He, Ruby B. Lee, "SoK: Hardware Defenses Against Speculative Execution Attacks", International Symposium on Secure and Private Execution Environment Design (SEED), September, 2021. DOI: 10.1109/SEED51797.2021.00023.
[3] Zecheng He, Aswan Raghavan, Guangyuan Hu, Sek Chai and Ruby Lee, "Power-Grid Controller Anomaly Detection with Enhanced Temporal Deep Learning", --18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom). DOI: https://doi.org/10.1109/TrustCom/BigDataSE.2019.00030
[4] Guangyuan Hu, Zecheng He, Ruby B. Lee, "Smarthphone Impostor Detection with Behavioral Data Privacy and Minimalist Hardware Support", TinyML Research Symposioum'21, March 2021. DOI: 10.48550/arXiv.2103.06453 Best Paper Award.
[5] Zecheng He, Ruby B. Lee, "CloudShield: Real-time Anomaly Detection in the Cloud", arXiv Computer Science Cryptography and Security, August 2021.
DOI: 10.48550/arXIV.2108.08977
[6] Tianwei Zhang, Jakub Szefer; Ruby B. Lee, "Practical and Scalable Security Verification of Secure Architectures", Hardware and Architectural Support for Security and Privacy (HASP), October 2021. DOI: 10.1145/3505253.3505256
Last Modified: 01/27/2023
Modified by: Ruby Lee
Please report errors in award information by writing to: awardsearch@nsf.gov.
