STARSS: Small: Collaborative: Practical and Scalable Security Verification of Security-Aware Hardware Architectures

STARSS：小型：协作：安全感知硬件架构的实用且可扩展的安全验证

• 批准号: 1524680
• 负责人: Jakub Szefer
• 金额: $ 16.67万
• 依托单位: Yale University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2018-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1524680&HistoricalAwards=false
• 关键词: STARSS; Small; Collaborative; Practical; Scalable

Computers form the backbone of any modern society, and often process large amounts of sensitive and private information. To help secure the software, and the sensitive data, a number of secure hardware-software and processor architectures have been proposed. These architectures incorporate novel protection and defense mechanisms directly in the hardware where they cannot be modified or bypassed, unlike software protections. However, due to lack of practical and scalable security verification tools and methodologies, very few of the proposed hardware security architectures have been commercially deployed. This project develops a security verification methodology that is applicable to different hardware-software security architectures. This project develops security invariants and methodology that hardware architects can deploy to check the security properties of their architectures in a scalable and semi-automated manner. The methodology is applied to verify hardware-enhanced isolation architectures and architectures that minimize the attack surface in cloud computing. Verification of a secure cache's resistance to cache side channel attacks is also investigated. Researchers and designers will have a new method to systematically check their designs, and show to others the conditions under which they work. Hardware manufacturers will gain assurance to actually implement these security architectures in real products. In turn, customers will gain assurance about the secure hardware that protects their computations running on their devices or virtual machines running on remote cloud servers. Security architectures are important to customers and hardware manufacturers, however, security verification is needed to make them a reality.

计算机构成了现代社会的支柱，并且经常处理大量敏感和私人信息。 为了帮助保护软件和敏感数据，已经提出了许多安全的硬件-软件和处理器架构。 这些架构直接在硬件中整合了新颖的保护和防御机制，与软件保护不同，这些机制无法被修改或绕过。 然而，由于缺乏实用且可扩展的安全验证工具和方法，所提出的硬件安全架构很少得到商业部署。 该项目开发了一种适用于不同软硬件安全架构的安全验证方法。该项目开发了硬件架构师可以部署的安全不变量和方法，以可扩展和半自动化的方式检查其架构的安全属性。该方法用于验证硬件增强隔离架构和最小化云计算中攻击面的架构。 还研究了安全缓存对缓存侧通道攻击的抵抗力的验证。研究人员和设计师将有一种新方法来系统地检查他们的设计，并向其他人展示他们的工作条件。 硬件制造商将获得在实际产品中实际实施这些安全架构的保证。 反过来，客户将获得有关安全硬件的保证，以保护其设备上运行的计算或远程云服务器上运行的虚拟机。安全架构对于客户和硬件制造商来说很重要，但是需要安全验证才能使其成为现实。

项目成果

SecChisel Framework for Security Verification of Secure Processor Architectures

用于安全处理器架构安全验证的 SecChisel 框架

• DOI: 10.1145/3337167.3337174
• 发表时间: 2019
• 期刊: Workshop on Hardware and Architectural Support for Security and Privacy
• 作者: Deng, Shuwen;Gümüşoğlu, Doğuhan;Xiong, Wenjie;Sari, Sercan;Gener, Y. Serhan;Lu, Corine;Demir, Onur;Szefer, Jakub
• 通讯作者: Szefer, Jakub

Cache timing side-channel vulnerability checking with computation tree logic

• DOI: 10.1145/3214292.3214294
• 发表时间: 2018-06
• 期刊: Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy
• 作者: Shuwen Deng;Wenjie Xiong;Jakub Szefer

Survey of microarchitectural side and covert channels, attacks, and defenses

• DOI: 10.1007/s41635-018-0046-1
• 发表时间: 2019-01-01
• 期刊: J. Hardw. Syst. Secur.
• 作者: Szefer, Jakub