Award Abstract # 1814406
SaTC: CORE: Small: Super-Human Cryptanalysis for Scalable Side-Channel Analysis

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: WORCESTER POLYTECHNIC INSTITUTE
Initial Amendment Date: August 10, 2018
Latest Amendment Date: August 30, 2018
Award Number: 1814406
Award Instrument: Standard Grant
Program Manager: Daniela Oliveira, doliveir@nsf.gov, (703)292-0000
CNS Division Of Computer and Network Systems
CSE Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2018
End Date: August 31, 2022 (Estimated)
Total Intended Award Amount: $500,000.00
Total Awarded Amount to Date: $500,000.00
Funds Obligated to Date: FY 2018 = $500,000.00
History of Investigator:
  • Berk Sunar (Principal Investigator)
    sunar@wpi.edu
  • Thomas Eisenbarth (Former Co-Principal Investigator)
Recipient Sponsored Research Office: Worcester Polytechnic Institute
100 INSTITUTE RD
WORCESTER
MA  US  01609-2280
(508)831-5000
Sponsor Congressional District: 02
Primary Place of Performance: Worcester Polytechnic Institute
100 Institute Road, Atwater Kent
Worcester
MA  US  01609-2280
Primary Place of Performance Congressional District: 02
Unique Entity Identifier (UEI): HJNQME41NBU4
Parent UEI:
NSF Program(s): Secure & Trustworthy Cyberspace
Primary Program Source: 01001819DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 025Z, 7434, 7923
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

The project takes the rapidly evolving advances in deep learning and applies them in the context of side-channel analysis (SCA). Finding SCA leakages on real devices can be a tedious process, resulting in devices ranging from wearables to embedded Internet of Things (IoT) devices entering the marketplace without proper protection. This project explores ways to automate side-channel security analysis using deep learning techniques. To protect devices against SCA, the project also explores a novel approach to countermeasure design by applying the concept of adversarial learning.

SCA is essentially one complex statistical signal processing problem, which deep learning is ideally suited to solve. The project systematically quantifies the impact of deep learning on SCA by applying deep learning methods to all necessary steps in SCA, namely alignment, noise reduction, feature extraction and model building. Meaningful parameter sets for a representative list of reference targets are explored. The project also adapts adversarial learning techniques to counteract optimized side-channel information recovery, thereby inventing an entirely new class of side-channel countermeasures, where machine learning adaptively shapes leakage signals to prevent correct classification.

The SCA analysis and protection tools explored in this project will be invaluable for the health of our national computing and communications infrastructure. They will be released as an easy-to-use open-source toolbox. Furthermore, the project provides new insights and training for the next generation of experts at the intersection of two critical technologies, i.e. artificial intelligence and security.

More information on the project, including important data and developed code, is available at: http://v.wpi.edu/research/superhuman, until circa 2026.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

(Showing: 1 - 10 of 11)
Canella, Claudio and Genkin, Daniel and Giner, Lukas and Gruss, Daniel and Lipp, Moritz and Minkin, Marina and Moghimi, Daniel and Piessens, Frank and Schwarz, Michael and Sunar, Berk "Fallout: Leaking Data on Meltdown-resistant CPUs" Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019 https://doi.org/10.1145/3319535.3363219
Gulmezoglu, Berk and Zankl, Andreas and Tol, M. Caner and Islam, Saad and Eisenbarth, Thomas and Sunar, Berk "Undermining User Privacy on Mobile Devices Using AI" Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 2019 https://doi.org/10.1145/3321705.3329804
Inci, Mehmet S.I. and Sunar, Berk "DeepCloak: Adversarial Crafting as a Defensive Measure to Cloak Processes" DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop (DYNAMICS), 2019
Islam, Saad and Mus, Koksal and Singh, Richa and Schaumont, Patrick and Sunar, Berk "Signature Correction Attack on Dilithium Signature Scheme" IEEE 7th European Symposium on Security and Privacy (EuroS&P), 2022 https://doi.org/10.1109/EuroSP53844.2022.00046
Islam, S and Moghimi, D and Ida, B and Krebbel, M and Berk, G and Eisenbarth, T and Sunar, B "SPOILER: speculative load hazards boost rowhammer and cache attacks" Proceedings of the 28th USENIX Conference on Security Symposium, 2019
Moghimi, Daniel and Lipp, Moritz and Sunar, Berk and Schwarz, Michael "Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis" Proceedings of the 29th USENIX Security Symposium, 2020
Moghimi, Daniel and Sunar, Berk and Eisenbarth, Thomas and Heninger, Nadia "TPM-FAIL: TPM meets Timing and Lattice Attacks" Proceedings of the 29th USENIX Security Symposium, 2020
Mus, Koksal and Islam, Saad and Sunar, Berk "QuantumHammer: A Practical Hybrid Attack on the LUOV Signature Scheme" CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, USA, November 9-13, 2020, 2020
Schwarz, Michael and Lipp, Moritz and Moghimi, Daniel and Van Bulck, Jo and Stecklina, Julian and Prescher, Thomas and Gruss, Daniel "ZombieLoad: Cross-Privilege-Boundary Data Sampling" USENIX Security 2020, 2020 https://doi.org/10.1145/3319535.3354252
Tol, M. Caner and Gulmezoglu, Berk and Yurtseven, Koray and Sunar, Berk "FastSpec: Scalable Generation and Detection of Spectre Gadgets Using Neural Embeddings" 2021 IEEE European Symposium on Security and Privacy (EuroS&P), 2021 https://doi.org/10.1109/EuroSP51992.2021.00047
Van Bulck, Jo and Moghimi, Daniel and Schwarz, Michael and Lipp, Moritz and Minkin, Marina and Genkin, Daniel and Yarom, Yuval and Sunar, Berk and Gruss, Daniel and Piessens, Frank "LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection" 2020 IEEE Symposium on Security and Privacy, 2021

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

This project aimed to determine if one can leverage recent advances in machine learning algorithms to the service of cybersecurity. Specifically, we wished to automate vulnerability detection to cope with the ever-growing threat to our computing infrastructure. Another goal was to determine if machine learning algorithms can outperform human experts in vulnerability discovery.

The investigation has determined that indeed, using advanced machine learning techniques, i.e. so-called deep learning algorithms, we can build scalable vulnerability scanners that outperform existing ones in both flexibility and in speed by several orders of magnitude. The tool FastSpec is made available to practitioners and researchers in a public repository as open source software to be deployed and further extended.

The study has confirmed that indeed deep learning algorithms can vastly outperform human experts in generating variations of existing vulnerabilities and scanning for them in large scale software. On the other hand, there are more advanced types of vulnerabilities that exploit subtle interactions inside computer architecture and escape automated analysis until more advanced machine learning algorithms are developed.

Another significant discovery of the project is that one can use machine learning techniques recently developed for human language analysis to automatically categorize vulnerabilities and thereby expose the root of the vulnerability, i.e. connect it to the specific hardware components that cause the vulnerability. This gives us the ability to quickly identify and fix vulnerabilities in large scale computer systems.

During the project the team discovered new vulnerabilities that affect widely used hardware and software, such as in Intel CPUs and security software. The team worked with the companies for patches to be released. The discovered vulnerabilities along with newly discovered ones published by other groups were added to the vulnerability scanner. 

In developing the machine learning models, the team discovered new types of vulnerabilities that target the machine learning algorithms themselves. Given the rate of deployment of such algorithms in everyday applications, e.g. autonomous cars, mobile assistants, etc., it becomes essential to secure machine learning software.

The technical work conducted during the project provided the perfect education experience to train the next generation of security engineers. Specifically, the project supported the completion of three doctoral studies. Further, several undergraduate students participated in the work, learning about machine learning, cybersecurity and computing systems.

The project team participated in several outreach activities organized by the team's institute. One such event was attended by thousands of middle and high school students along with their parents. The team opened a stand that was visited by hundreds of participants. Demonstrations of security issues in everyday computing were given to attendees, followed by question and answer sessions.

Last Modified: 11/15/2022
Modified by: Berk Sunar
