SaTC: STARSS: Small: Collaborative: Design and Security Verification of Next-Generation Open-Source Processors

SaTC：STARSS：小型：协作：下一代开源处理器的设计和安全验证

• 批准号: 1814190
• 负责人: Ruby Lee
• 金额: $ 16.56万
• 依托单位: Princeton University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2021-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1814190&HistoricalAwards=false
• 关键词: SaTC; STARSS; Small; Collaborative; Design

This project will develop new open-source processor architectures with advanced security features. The security features will be added to existing open-source processors to help protect the confidentiality and integrity of data and to protect against side-channel attacks. Beyond the design, the project will also provide new methodology to verify the proposed security feature, to provide assurance that the processor hardware itself is provably secure. The first thrust of the project focuses on side-channel protections, especially of processor caches, and other functional units that can be exploited to leak secret information. It further adds security counters and new means to protect trusted software modules. The second thrust focuses on the design of the security verification approaches for hardware, including the use of satisfiability modulo theories (SMT) based solvers and temporal logics.If successful, this will make open-source processors and their applications more secure against attacks. It will enable the academic community to further develop and extend the capabilities of the ope-source secure processor and further education in hardware security.All artefacts developed by this project will be available online at http://caslab.csl.yale.edu/code/ or http://palms.ee.princeton.edu. The web sites will be maintained for the duration of the project and as long as the research groups involved in this project are active.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目将开发具有先进安全功能的新型开源处理器架构。这些安全功能将添加到现有的开源处理器中，以帮助保护数据的机密性和完整性，并防止旁道攻击。除了设计之外，该项目还将提供新的方法来验证所提出的安全功能，以确保处理器硬件本身的安全性。该项目的第一个重点是侧通道保护，特别是处理器缓存和其他可用于泄露秘密信息的功能单元。它进一步增加了安全计数器和保护可信软件模块的新方法。第二个重点是硬件安全验证方法的设计，包括使用基于可满足性模理论（SMT）的求解器和时序逻辑。如果成功，这将使开源处理器及其应用程序更安全地抵御攻击。它将使学术界能够进一步开发和扩展开源安全处理器的功能以及硬件安全方面的进一步教育。该项目开发的所有制品将在线提供：http://caslab.csl.yale.edu/代码/或http://palms.ee.princeton.edu。这些网站将在项目期间以及参与该项目的研究小组活跃期间予以维护。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查进行评估，被认为值得支持标准。

项目成果

Attacking and Protecting Data Privacy in Edge-Cloud Collaborative Inference Systems

边云协同推理系统中数据隐私的攻击与保护

• DOI: 10.1109/jiot.2020.3022358
• 发表时间: 2020-09
• 期刊: IEEE Internet of Things Journal
• 影响因子: 10.6
• 作者: He, Zecheng;Zhang, Tianwei;Lee, Ruby B.
• 通讯作者: Lee, Ruby B.

Model inversion attacks against collaborative inference

针对协作推理的模型反转攻击

• DOI: 10.1145/3359789.3359824
• 发表时间: 2019-12-09
• 期刊: Proceedings of the 35th Annual Computer Security Applications Conference
• 作者: Zecheng He;Tianwei Zhang;R. Lee
• 通讯作者: R. Lee

Position Paper: Consider Hardware-enhanced Defenses for Rootkit Attacks

立场文件：考虑针对 Rootkit 攻击的硬件增强防御

• DOI: 10.1145/3458903.3458909
• 发表时间: 2020-10-17
• 期刊: Hardware and Architectural Support for Security and Privacy
• 作者: Guangyuan Hu;Tianwei Zhang;Ruby B. Lee
• 通讯作者: Ruby B. Lee

Speculative Execution Attacks and Hardware Defenses

推测执行攻击和硬件防御

• DOI: 10.1145/3474376.3487404
• 发表时间: 2021-11
• 期刊: ASHES '21: Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security
• 作者: Lee; Ruby B.
• 通讯作者: Ruby B.

CloudShield: Real-time Anomaly Detection in the Cloud

CloudShield：云端实时异常检测

• DOI: 10.1145/3577923.3583639
• 发表时间: 2021-08-20
• 期刊: Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy
• 作者: Zecheng He;Guangyuan Hu;Ruby B. Lee
• 通讯作者: Ruby B. Lee