
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | June 11, 2022 |
Latest Amendment Date: | August 9, 2024 |
Award Number: | 2154771 |
Award Instrument: | Standard Grant |
Program Manager: | Qiaoyan Yu, qyu@nsf.gov, (703)292-0000, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | June 15, 2022 |
End Date: | May 31, 2025 (Estimated) |
Total Intended Award Amount: | $500,000.00 |
Total Awarded Amount to Date: | $500,000.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: |
104 AIRPORT DR STE 2200 CHAPEL HILL NC US 27599-5023 (919)966-3411 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
NC US 27599-1350 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure & Trustworthy Cyberspace |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
This project studies an emerging, potential attack vector against modern computer systems: vulnerable peripheral devices, such as flash storage or network devices. Many modern computer memory (Random Access Memory, or RAM) designs are vulnerable to a rowhammering attack, where some regions of memory can be corrupted by repeated accesses from application code. This project observes that peripheral devices are no longer purely hardware, but instead have their own internal CPU and RAM, which can also be attacked indirectly through heavy input/output (I/O) operations. The novelties of this project are demonstrating a proof-of-concept that one can potentially deny service or gain administrative privilege on a system through vulnerable peripheral devices, as well as creating strategies to mitigate these attacks. The project's broader significance lies in hardening the security of modern computing systems, especially cloud computing, where different users may share vulnerable hardware.
This project studies rowhammering the internal RAM in modern peripherals, using only standard, unprivileged I/O operations at the high bandwidths offered by these peripherals. The project studies practical attacks on Solid State Drives (SSDs), traditional Network Interface Cards (NICs), and emerging SmartNICs, launched by unprivileged users, such as a guest virtual machine in a multi-tenant cloud system, and using only standard I/O patterns. The work studies how design choices in both device firmware and operating system device drivers affect vulnerability to this attack, using both open and closed devices, and, in the case of SmartNICs, using both custom and standard network offload functions. Because it is difficult to defend against rowhammering entirely in hardware, the proposed work innovates in efficient, software/hardware cooperative defenses, which can potentially improve future peripheral hardware designs.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.