SaTC: CORE: Small: Language Abstractions for Reconfigurable Hardware Monitors on Manycore Architectures

SaTC：CORE：Small：众核架构上可重新配置硬件监视器的语言抽象

• 批准号: 1936794
• 负责人: Avinash Karanth
• 金额: $ 49.94万
• 依托单位: Ohio University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-05-01 至 2025-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1936794&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Language; Abstractions

Embedded system security is compromised when an attack exploits pre-existing software flaws in order to gain control of program behavior. Even when the software running on embedded hardware is trusted, an attacker can still insert malicious code when the program is running to compromise system security. Therefore, to mitigate such software attacks on embedded systems, it is critical that both hardware and software are holistically combined into an effective system architecture to safeguard and preserve our nation’s interests. This project will systematically and comprehensively explore the implementation of dynamic security policies with high assurance on reconfigurable hardware with significant reduction in power and latency. This research project will foster new research directions in several areas, spanning programming languages, security policies, computer architecture, reconfigurable hardware and applications, with the potential to significantly transform the design of next-generation embedded manycore architectures. All the research findings and simulation toolkits will be disseminated to the community via conference and journal publications, and a dedicated website. The research will also play a major role in education by integrating discovery with teaching and training. This project will continue to expand outreach activities and broaden participation in computing by making the necessary efforts to attract and train minority students in this field. The design and implementation of high-level language abstractions for specification, verification, and implementation of reconfigurable hardware monitors, with specific emphasis on low-overhead defenses against control- and information-flow attacks is proposed in this project. The overarching goal of this project is to dynamically update hardware in response to program behavior in order to monitor precise security policies with minimal overhead (power, area, time). First, this project will develop high-level language abstractions for implementing dynamic security monitors, those that reconfigure at runtime to enforce precise security properties. To provide high assurance, a verified compiler to an idealized hardware description language together with associated tools such as a verified equational theory will be developed. Second, this project will explore the design and implementation of reusable hardware components against which the high-level language abstractions can be compiled both in uni- and manycore environments. The basic building blocks will be aggregated into coarse-grain reconfigurable arrays (CGRA) that can be tailored to program behavior via state and topology reconfiguration. Third, in software, this project will validate security monitors implementing defenses against code- and control-flow injection attacks, among others. In hardware, this project will extensively model and simulate security monitors using simulation tools to evaluate latency, execution time, power and area overhead on benchmark suites. Finally, this project will validate that the proposed hardware monitors that are generated by the high-level security policies will detect and mitigate attacks. This project will result in (1) novel high-level language abstractions for dynamic security policies implemented on reconfigurable hardware; (2) a verified compiler to an idealized hardware description language together with an equational theory; (3) the design and implementation of reusable hardware components (a basic block) that retain state while allowing policy reconfiguration; (4) the aggregation of basic blocks into CGRA that can be tailored to program behavior via state and topology updates for uni- and manycore architectures; and (5) extensive modeling and simulation of hardware monitors that implement defenses against code- and control-flow injection attacks using benchmarks and tools.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

当攻击利用预先存在的软件缺陷以获得对程序行为的控制时，嵌入式系统的安全性将受到损害。即使信任嵌入式硬件上运行的软件，攻击者仍可以在程序运行以损害系统安全性时插入恶意代码。因此，为了减轻对嵌入式系统的此类软件攻击，将硬件和软件都整体合并为有效的系统体系结构以维护和维护我们国家的利益至关重要。该项目将系统，彻底地探索具有可重新配置硬件的高度保证，并大大降低功率和延迟，并具有很高的保证。该研究项目将在几个领域促进新的研究指示，涵盖编程语言，安全策略，计算机体系结构，可重新配置的硬件和应用程序，并有可能显着改变下一代嵌入的多个Core架构的设计。所有研究发现和仿真工具包将通过会议和期刊出版物以及专门的网站传播到社区。这项研究还将通过将发现与教学和培训相结合，在教育中发挥重要作用。该项目将继续扩大外展活动，并通过在该领域吸引和培训少数族裔学生的必要努力来扩大计算的参与。在本项目中提出了高级语言抽象的设计和实施，用于规格，验证和实施可重新配置的硬件监视器，并在此项目中提出了针对控制和信息流攻击的低空防御措施。该项目的总体目标是动态更新硬件，以响应程序行为，以便以最小的开销（功率，区域，时间）监视精确的安全策略。首先，该项目将开发高级语言摘要，以实现动态安全监视器，即在运行时重新配置以执行精确安全属性的摘要。为了提供高度保证，将开发针对理想化的硬件说明语言的经过验证的编译器以及相关工具（例如经过验证的等效理论）。其次，该项目将探讨可重复使用的硬件组件的设计和实现，可以在这些硬件上进行高级语言抽象，并在Uni-core环境和许多核心环境中汇编。基本的构建块将汇总到可通过状态和拓扑重新配置为程序行为量身定制的粗粒颗粒可重构阵列（CGRA）。第三，在软件中，该项目将验证安全监视器，以实施针对代码和控制流注射攻击的防御措施。在硬件中，该项目将使用仿真工具对安全监视器进行广泛模拟和模拟，以评估基准套件上的延迟，执行时间，功率和面积开销。最后，该项目将验证高级安全策略生成的提议的硬件监视器将检测和减轻攻击。该项目将导致（1）针对可重新配置硬件实施的动态安全策略的新型高级语言抽象； （2）经过验证的编译器与理想化的硬件说明语言以及等效理论； （3）可重复使用的硬件组件（基本块）的设计和实施，该组件保留状态，同时允许策略重新配置； （4）将基本块汇总到CGRA中，可以通过状态和拓扑更新为单项和许多核心体系结构量身定制为程序行为； （5）使用基准和工具实施防御代码和控制流注入攻击的硬件监视器的广泛建模和模拟。该奖项反映了NSF的法定任务，并被认为值得通过基金会的知识分子优点和更广泛的影响标准通过评估来进行评估。

项目成果

Reflections of Cybersecurity Workshop for K-12 Teachers and High School Students

K-12 教师和高中生网络安全研讨会的思考

• DOI: 10.1145/3478432.3499094
• 发表时间: 2022
• 期刊: 54th ACM Technical Symposium on Computer Science Education (SIGCSE'23
• 作者: Mourning, Chad;Juedes, David;Hallman-Thrasher, Allyson;Chenji, Harsha;Kaya, Savas;Karanth, Avinash
• 通讯作者: Karanth, Avinash

Fine-Grain Reconfigurable Logic Circuits for Adaptive and Secure Computing via Work-Function Engineered Schottky Barrier FinFETs

通过功函数设计的肖特基势垒 FinFET 实现自适应和安全计算的细粒度可重构逻辑电路

• DOI: 10.1109/jxcdc.2021.3120977
• 发表时间: 2021
• 期刊: IEEE Journal on Exploratory Solid-State Computational Devices and Circuits
• 影响因子: 2.4
• 作者: Canan, Talha F.;Kaya, Savas;Chenji, Harsha;Karanth, Avinash
• 通讯作者: Karanth, Avinash

DAGGER: Exploiting Language Semantics for Program Security in Embedded Systems

DAGGER：利用语言语义实现嵌入式系统中的程序安全

• 发表时间: 2023
• 期刊: 24th International Symposium on Quality Electronic Design
• 作者: Garrett Cunningham, David Juedes