Collaborative Research: SaTC: CORE: Medium: Systematic Detection Of and Defenses Against Next-Generation Microarchitectural Attacks

协作研究：SaTC：核心：中：下一代微架构攻击的系统检测和防御

• 批准号: 2154183
• 负责人: Christopher Fletcher
• 金额: $ 40万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2154183&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

It is difficult to compute on sensitive data without inadvertently leaking it to the wrong party. Making matters worse, processor design significantly exacerbates this problem. Specifically, processors are made up of performance optimizations (called microarchitecture). Research has shown how a savvy attacker can manipulate microarchitecture to leak sensitive data. This project’s novelties are to design methodologies and tools for analyzing microarchitecture through a security lens: capturing its potential to leak sensitive data and providing actionable feedback to hardware designers and software writers to help avoid sensitive data breaches at both hardware design time and software run time. The project’s broader impact and importance is to develop a means for building efficient, secure processors—i.e., those where performance and security are not mutually exclusive.The project is broken into two synergistic thrusts. Thrust 1, Analysis, develops techniques for understanding and succinctly characterizing the information leakage potential of microarchitectural components (at various stages in their development) when they are integrated into a larger design. Thrust 2, Hardening, develops techniques for using said characterizations (specifications), e.g., generated by thrust 1, to derive software mitigations. In both thrusts, a major goal is to develop techniques that can be automated. Correspondingly, by the end of the project, the goal is to develop and disseminate a complete end-to-end prototype framework that can be used alongside traditional hardware design flows to 1) enable security-efficiency co-design by hardware engineers and 2) protect programs when run on previously analyzed microarchitectures.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

很难在不无意中将敏感数据泄露给错误的一方的情况下，更糟糕的是，处理器的设计大大加剧了这个问题，具体来说，处理器是由性能优化（称为微架构）组成的。操纵微架构来泄露敏感数据 该项目的新颖之处在于设计通过安全视角分析微架构的方法和工具：捕捉其泄露敏感数据的潜力，并向硬件设计者和软件编写者提供可操作的反馈，以帮助避免敏感数据。该项目的更广泛影响和重要性是开发一种构建安全处理器的方法，即那些性能和安全性不能互惠互利的处理器。该项目分为两个协同主旨。主旨 1，分析，开发了用于理解和简洁描述微架构组件（在其开发的各个阶段）集成到更大的设计中时的信息泄漏潜力的技术。 2，强化，开发使用所述特征（规范）（例如由推力 1 生成）来导出软件缓解措施的技术。在这两个推力中，主要目标是在项目结束时开发相应的自动化技术。 ，目标是开发和传播一个完整的端到端原型框架，该框架可以与传统硬件设计流程一起使用，以 1) 实现硬件工程师的安全高效协同设计，2) 保护运行时的程序该奖项反映了 NSF 的法定使命，并且通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。