Date/Time: Wednesday, October 17th, 2012 9:00am - 12:00pm
Duration: 3 hours
Title: Hardware-Enhanced Security
Ruby Lee, Princeton University
Simha Sethumadhavan, Columbia University
Ed Suh, Cornell University
Current security research is largely oriented to top-down design where the most exposed layers of the system, the network/application layers, are first studied assuming that the lower layers are secure, even when they are not. The lower layers are studied only when new threats appear at those layers. Security has thus become, as the cliche? goes, an arms race to the bottom. There are many examples in the literature of lower-layer attacks including those that target anti- virus, libraries, OS, hypervisors, and even code stored in non-volatile ROM. For every software mitigation strategy, vulnerabilities at the same level or in the software layer below can be used to attack and weaken the mitigation strategy.
A long-term solution to this problem is to push security mechanisms down to the hardware, which is one component of the system that is typically immutable. Growing on-chip transistor budgets provides an opportunity to explore hardware-enhanced security systems. In addition to immutability offered by hardware, there are three further additional advantages to implementing hardware security mechanisms. First, hardware- supported security mechanisms are much more energy-efficient than software-supported mechanisms; given current energy- and power- efficiency trends, hardware support may be essential for security techniques to gain traction in the real world. Second, hardware offers unmatched visibility into program execution, creating opportunities for novel ways to improve systems security. Third, small hardware modifications, amounting to few lines of code, offer significant protections to trillions of lines of software. Further, because of nature of hardware construction of security features it is much more feasible to provide useful measures of security for hardware-hardened schemes.
In this tutorial we will provide a survey into emerging area of hardware-hardened security systems.
We will begin our tutorial with a historical survey of hardware security support in systems, and trends in computer architecture that show further support. We will then cover state-of-the-art research techniques for construction of backdoor-free hardware, hardware oriented techniques for strong isolation, integrity and malware detection. We will also briefly touch upon primitives such as PUFs and TPMs. We will close with a discussion on how hardware and security researchers can engage better.
- Hardware trends, historical overview of hardware security support (15 minutes)
- Hardware backdoors and trojans (40 minutes)
- Hardware mitigation of side channels (40 minutes)
- Physical Security Functions - PUFs, RNGs, etc. (40 minutes)
- Secure cloud computing (45 minutes)
The tutorial will be targeted towards a researchers and practitioners with undergraduate level computer architecture background.
To promote research on the topic of hardware-hardened security the National Science Foundation has provided us some funding. We expect to be able to offer free registration for students to attend the tutorial. All attendees will receive handouts and a bibliography of the papers discussed during the tutorial. Bios:
Simha Sethumadhavan is an Assistant Professor of Computer Science at Columbia University. He is the founding director of the computer architecture and security technologies lab (CASTL) at Columbia University. Prof. Sethumadhavan's research interests are in hardware security, hardware support for security and privacy, energy-efficient computing and systems research tools. He has been recognized with teaching and research awards including the NSF CAREER award. He obtained his PhD from UT Austin in 2007.
Ruby B. Lee is the Forrest G. Hamrick Professor of Electrical Engineering at Princeton University, with an affiliated appointment in the Computer Science department. She is the director of the Princeton Architecture Laboratory for Multimedia and Security (PALMS). Her current research is in security-aware computer architecture, secure cloud computing, trustworthy and resilient systems, crypto acceleration, secure mobile ad-hoc networks and secure embedded systems. She is a Fellow of the Association for Computing Machinery (ACM) and a Fellow of the Institute of Electrical and Electronic Engineers (IEEE). She is often asked to help in national efforts to improve cybersecurity such as co-leading the National Cyber Leap Year summit and being a committee member of the National Academies study on Improving Cybersecurity Research in the U.S. She is also Associate Editor-in-Chief of IEEE Micro and Advisory Board member of IEEE Spectrum. She has been granted over 120 United States and international patents. Prior to joining the Princeton faculty, Dr. Lee served as chief architect at Hewlett-Packard, responsible at different times for processor architecture, multimedia architecture and security architecture. Concurrent with full-time employment at HP, Dr. Lee also served as Consulting Professor of Electrical Engineering at Stanford University. She has a Ph.D. in Electrical Engineering and a M.S. in Computer Science, both from Stanford University, and an A.B. with distinction from Cornell University.
Edward Suh is an Assistant Professor in the School of Electrical and Computer Engineering at Cornell University, where he leads the Trusted Systems Group in the Computer Systems Laboratory. He received a Ph.D. degree in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology (MIT) in 2005. Following the graduate school, he spent a year at Verayo Inc., leading the development of unclonable RFIDs and secure embedded processors before joining Cornell. His current research focuses on developing architectural techniques to improve security, reliability, and correctness of future computing systems. He is a recipient of an NSF CAREER award and an Air Force Office of Scientific Research (AFOSR) Young Investigator Program award.
Last modified: 2012-09-09 23:47:57 EDT