Biblio

Found 113 results

Filters: Keyword is hardware security
2023-09-01
She, Cairui, Chen, Liwei, Shi, Gang.  2022.  TFCFI: Transparent Forward Fine-grained Control-Flow Integrity Protection. 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :407–414.
Code-reuse attacks (including ROP/JOP) severely threaten computer security. Control-flow integrity (CFI), which can restrict control flow in legal scope, is recognised as an effective defence mechanism against code-reuse attacks. Hardware-based CFI uses Instruction Set Architecture (ISA) extensions with additional hardware modules to implement CFI and achieve better performance. However, hardware-based fine-grained CFI adds new instructions to the ISA, which cannot be executed on old processors and breaks the compatibility of programs. Some coarse-grained CFI designs, such as Intel IBT, maintain the compatibility of programs but cannot provide enough security guarantees. To balance the security and compatibility of hardware CFI, we propose Transparent Forward CFI (TFCFI). TFCFI implements hardware-based fine-grained CFI designs without changing the ISA. The software modification of TFCFI utilizes address information and hint instructions in RISC-V as transparent labels to mark the program. The hardware module of TFCFI monitors the control flow during execution. The program modified by TFCFI can be executed on old processors without TFCFI. Benefiting from transparent labels, TFCFI also solves the destination equivalence problem. The experiment on FPGA shows that TFCFI incurs negligible performance overhead (1.82% on average).
2023-08-18
Lo, Pei-Yu, Chen, Chi-Wei, Hsu, Wei-Ting, Chen, Chih-Wei, Tien, Chin-Wei, Kuo, Sy-Yen.  2022.  Semi-supervised Trojan Nets Classification Using Anomaly Detection Based on SCOAP Features. 2022 IEEE International Symposium on Circuits and Systems (ISCAS). :2423–2427.
Recently, hardware Trojan has become a serious security concern in the integrated circuit (IC) industry. Due to the globalization of semiconductor design and fabrication processes, ICs are highly vulnerable to hardware Trojan insertion by malicious third-party vendors. Therefore, the development of effective hardware Trojan detection techniques is necessary. Testability measures have been proven to be efficient features for Trojan nets classification. However, most of the existing machine-learning-based techniques use supervised learning methods, which involve time-consuming training processes, need to deal with the class imbalance problem, and are not pragmatic in real-world situations. Furthermore, no works have explored the use of anomaly detection for hardware Trojan detection tasks. This paper proposes a semi-supervised hardware Trojan detection method at the gate level using anomaly detection. We ameliorate the existing computation of the Sandia Controllability/Observability Analysis Program (SCOAP) values by considering all types of D flip-flops and adopt semi-supervised anomaly detection techniques to detect Trojan nets. Finally, a novel topology-based location analysis is utilized to improve the detection performance. Testing on 17 Trust-Hub Trojan benchmarks, the proposed method achieves an overall 99.47% true positive rate (TPR), 99.99% true negative rate (TNR), and 99.99% accuracy.
2023-07-13
Zhang, Zhun, Hao, Qiang, Xu, Dongdong, Wang, Jiqing, Ma, Jinhui, Zhang, Jinlei, Liu, Jiakang, Wang, Xiang.  2022.  Real-Time Instruction Execution Monitoring with Hardware-Assisted Security Monitoring Unit in RISC-V Embedded Systems. 2022 8th Annual International Conference on Network and Information Systems for Computers (ICNISC). :192–196.
Embedded systems involve an integration of a large number of intellectual property (IP) blocks to shorten a chip's time to market, in which many IPs are acquired from untrusted third-party suppliers. However, existing IP trust verification techniques cannot provide adequate security assurance that no hardware Trojan was implanted inside the untrusted IPs. Hardware Trojans in untrusted IPs may cause processor program execution failures by tampering with instruction code and return addresses. Therefore, this paper presents a secure RISC-V embedded system by integrating a Security Monitoring Unit (SMU), in which instruction integrity monitoring by fine-grained program basic blocks and function return address monitoring by a shadow stack are implemented, respectively. The hardware-assisted SMU is tested and validated: while the CPU executes a CoreMark program, the SMU does not incur significant performance overhead in providing instruction security monitoring. The proposed RISC-V embedded system achieves a good balance between performance overhead and resource consumption.
2023-04-28
Tang, Shibo, Wang, Xingxin, Gao, Yifei, Hu, Wei.  2022.  Accelerating SoC Security Verification and Vulnerability Detection Through Symbolic Execution. 2022 19th International SoC Design Conference (ISOCC). :207–208.
Model checking is one of the most commonly used techniques in formal verification. However, the exponential-scale state space renders exhaustive state enumeration inefficient even for a moderate System on Chip (SoC) design. In this paper, we propose a method that leverages symbolic execution to accelerate state space search and pinpoint security vulnerabilities. We automatically convert the hardware design to functionally equivalent C++ code and utilize the KLEE symbolic execution engine to perform state exploration through heuristic search. To reduce the search space, we symbolically represent essential input signals while making non-critical inputs concrete. Experimental results have demonstrated that our method can precisely identify security vulnerabilities at significantly lower computation cost.
2023-04-14
Monani, Ravi, Rogers, Brian, Rezaei, Amin, Hedayatipour, Ava.  2022.  Implementation of Chaotic Encryption Architecture on FPGA for On-Chip Secure Communication. 2022 IEEE Green Energy and Smart System Systems (IGESSC). :1–6.
Chaos is an interesting phenomenon for nonlinear systems that emerges due to its complex and unpredictable behavior. With the escalated use of low-powered edge-compute devices, data security at the edge develops the need for security in communication. The characteristic that chaos synchronizes over time for two different chaotic systems with their own unique initial conditions is the base for chaos implementation in communication. This paper proposes an encryption architecture suitable for communication of on-chip sensors to provide a POC (proof of concept) with security encrypted on the same chip using different chaotic equations. In communication, encryption is achieved with the help of microcontrollers or software implementations that use more power and have complex hardware implementation. Small IoT devices are expected to be operated on low power and constrained in size. At the same time, these devices are highly vulnerable to security threats, which elevates the need to have low power/size hardware-based security. Since the discovery of chaotic equations, they have been used in various encryption applications. The goal of this research is to take the chaotic implementation to the CMOS level with the sensors on the same chip. The hardware co-simulation is demonstrated on an FPGA board for the Chua encryption/decryption architecture. The hardware utilization for Lorenz, SprottD, and Chua on FPGA is achieved with the Xilinx System Generation (XSG) toolbox, which reveals that Lorenz’s utilization is 9% less than Chua’s.
ISSN: 2640-0138
2023-02-28
Hroub, Ayman, Elrabaa, Muhammad E. S..  2022.  SecSoC: A Secure System on Chip Architecture for IoT Devices. 2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :41–44.
IoT technology is finding new applications every day and everywhere in our daily lives. With that come new use cases with new challenges in terms of device and data security. One such challenge arises from the fact that many IoT devices/nodes are no longer being deployed on owners' premises, but rather on public or private property other than the owner's. With potential physical access to the IoT node, adversaries can launch many attacks that circumvent conventional protection methods. In this paper, we propose Secure SoC (SecSoC), a secure system-on-chip architecture that mitigates such attacks. These include logical memory dump attacks, bus snooping attacks, and compromised operating systems. SecSoC relies on two main mechanisms: (1) providing security extensions to the compute engine that runs the user application without changing its instruction set, and (2) adding a security management unit (SMU) that provides HW security primitives for encryption, hashing, random number generators, and a secrets store (keys, certificates, etc.). SecSoC ensures that no secret or sensitive data can leave the SoC IC in plaintext. SecSoC is being implemented in Bluespec SystemVerilog. The experimental results will reveal the area, power, and cycle time overhead of these security extensions. Overall performance (total execution time) will also be evaluated using IoT benchmarks.
2023-02-17
Hutto, Kevin, Grijalva, Santiago, Mooney, Vincent.  2022.  Hardware-Based Randomized Encoding for Sensor Authentication in Power Grid SCADA Systems. 2022 IEEE Texas Power and Energy Conference (TPEC). :1–6.
Supervisory Control and Data Acquisition (SCADA) systems are utilized extensively in critical power grid infrastructures. Modern SCADA systems have been proven to be susceptible to cyber-security attacks and require improved security primitives in order to prevent unwanted influence from an adversarial party. One section of weakness in the SCADA system is the integrity of field level sensors providing essential data for control decisions at a master station. In this paper we propose a lightweight hardware scheme providing inferred authentication for SCADA sensors by combining an analog to digital converter and a permutation generator as a single integrated circuit. Through this method we encode critical sensor data at the time of sensing, so that unencoded data is never stored in memory, increasing the difficulty of software attacks. We show through experimentation how our design stops both software and hardware false data injection attacks occurring at the field level of SCADA systems.
2023-02-03
Song, Sanquan, Tell, Stephen G., Zimmer, Brian, Kudva, Sudhir S., Nedovic, Nikola, Gray, C. Thomas.  2022.  An FLL-Based Clock Glitch Detector for Security Circuits in a 5nm FINFET Process. 2022 IEEE Symposium on VLSI Technology and Circuits (VLSI Technology and Circuits). :146–147.
The rapid complexity growth of electronic systems nowadays increases their vulnerability to hacking, such as fault injection, including insertion of glitches into the system clock to corrupt internal state through timing errors. As a countermeasure, a frequency locked loop (FLL) based clock glitch detector is proposed in this paper. Regulated from an external supply voltage, this FLL locks at 16-36X of the system clock, creating four phases to measure the system clock by oversampling at 64-144X. The samples are then used to sense the frequency and close the frequency locked loop, as well as to detect glitches through pattern matching. Implemented in a 5nm FINFET process, it can detect the glitches or pulse width variations down to 3.125% of the input 40MHz clock cycle with the supply varying from 0.5 to 1.0V.
ISSN: 2158-9682
2023-01-13
Purdy, Ruben, Duvalsaint, Danielle, Blanton, R. D. Shawn.  2022.  Security Metrics for Logic Circuits. 2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :53–56.
Any type of engineered design requires metrics for trading off both desirable and undesirable properties. For integrated circuits, typical properties include circuit size, performance, power, etc., where for example, performance is a desirable property and power consumption is not. Security metrics, on the other hand, are extremely difficult to develop because there are active adversaries that intend to compromise the protected circuitry. This implies metric values may not be static quantities, but instead are measures that degrade depending on attack effectiveness. In order to deal with this dynamic aspect of a security metric, a general attack model is proposed that enables the effectiveness of various security approaches to be directly compared in the context of an attack. Here, we describe, define and demonstrate that the metrics presented are both meaningful and measurable.
Kareem, Husam, Almousa, Khaleel, Dunaev, Dmitriy.  2022.  Matlab GUI-based Tool to Determine Performance Metrics of Physical Unclonable Functions. 2022 Cybernetics & Informatics (K&I). :1–5.
This paper presents a MATLAB Graphical User Interface (GUI) based tool that determines the performance evaluation metrics of the physically unclonable functions (PUFs). The PUFs are hardware security primitives which can be utilized in several hardware security applications like integrated circuits protection, device authentication, secret key generation, and hardware obfuscation. Like any other technology approach, PUFs evaluation requires testing different performance metrics, each of which can be determined by at least one mathematical equation. The proposed tool (PUFs Tool) reads the PUF instances’ output and then computes and generates the values of the main PUFs’ performance metrics: uniqueness, reliability, uniformity, and bit-aliasing. In addition, it generates a bar code for each PUF instance considered in the evaluation process. The PUFs Tool is designed and developed using the app designer of MATLAB software 2021b.
2022-12-01
Ajorpaz, Samira Mirbagher, Moghimi, Daniel, Collins, Jeffrey Neal, Pokam, Gilles, Abu-Ghazaleh, Nael, Tullsen, Dean.  2022.  EVAX: Towards a Practical, Pro-active & Adaptive Architecture for High Performance & Security. 2022 55th IEEE/ACM International Symposium on Microarchitecture (MICRO). :1218–1236.
This paper provides an end-to-end solution to defend against known microarchitectural attacks such as speculative execution attacks, fault-injection attacks, covert and side channel attacks, and unknown or evasive versions of these attacks. Current defenses are attack specific and can have unacceptably high performance overhead. We propose an approach that reduces the overhead of state-of-the-art defenses by over 95%, by applying defenses only when attacks are detected. Many currently proposed mitigations are not practical for deployment; for example, InvisiSpec has 27% overhead and Fencing has 74% overhead while protecting against only Spectre attacks. Other mitigations carry similar performance penalties. We reduce the overhead for InvisiSpec to 1.26% and for Fencing to 3.45%, offering performance and security for not only Spectre attacks but other known transient attacks as well, including the dangerous class of LVI and Rowhammer attacks, as well as covering a large set of future evasive and zero-day attacks. Critical to our approach is an accurate detector that is not fooled by evasive attacks and that can generalize to novel zero-day attacks. We use a novel generative framework, Evasion Vaccination (EVAX), for training ML models and engineering new security-centric performance counters. EVAX significantly increases sensitivity to detect and classify attacks in time for mitigation to be deployed with low false positives (4 FPs in every 1M instructions in our experiments). Such performance enables efficient and timely mitigations, enabling the processor to automatically switch between performance and security as needed.
2022-09-30
Hutto, Kevin, Mooney, Vincent J..  2021.  Sensing with Random Encoding for Enhanced Security in Embedded Systems. 2021 10th Mediterranean Conference on Embedded Computing (MECO). :1–6.
Embedded systems in physically insecure environments are subject to additional security risk via capture by an adversary. A captured microchip device can be reverse engineered to recover internal buffer data that would otherwise be inaccessible through standard IO mechanisms. We consider an adversary who has sufficient ability to gain all internal bits and logic from a device at the time of capture as an unsolved threat. In this paper we present a novel sensing architecture that enhances embedded system security by randomly encoding sensed values. We randomly encode data at the time of sensing to minimize the amount of plaintext data present on a device in buffer memory. We encode using techniques that are unintelligible to an adversary even with full internal bit knowledge. The encoding is decipherable by a trusted home server, and we have provided an architecture to perform this decoding. Our experimental results show the proposed architecture meets timing requirements needed to perform communications with a satellite utilizing short-burst data, such as in remote sensing telemetry and tracking applications.
2022-09-20
Koteshwara, Sandhya.  2021.  Security Risk Assessment of Server Hardware Architectures Using Graph Analysis. 2021 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). :1–4.
The growing complexity of server architectures, which incorporate several components with state, has necessitated rigorous assessment of the security risk both during design and operation. In this paper, we propose a novel technique to model the security risk of servers by mapping their architectures to graphs. This allows us to leverage tools from computational graph theory, which we combine with probability theory for deriving quantitative metrics for risk assessment. Probability of attack is derived for server components, with prior probabilities assigned based on knowledge of existing vulnerabilities and countermeasures. The resulting analysis is further used to compute measures of impact and exploitability of attack. The proposed methods are demonstrated on two open-source server designs with different architectures.
2022-09-09
Vosatka, Jason, Stern, Andrew, Hossain, M.M., Rahman, Fahim, Allen, Jeffery, Allen, Monica, Farahmandi, Farimah, Tehranipoor, Mark.  2020.  Confidence Modeling and Tracking of Recycled Integrated Circuits, Enabled by Blockchain. 2020 IEEE Research and Applications of Photonics in Defense Conference (RAPID). :1–3.
The modern electronics supply chain is a globalized marketplace with the increasing threat of counterfeit integrated circuits (ICs) being installed into mission critical systems. A number of methods for detecting counterfeit ICs exist; however, effective test and evaluation (T&E) methods to assess the confidence of detecting recycled ICs are needed. Additionally, methods for the trustworthy tracking of recycled ICs in the supply chain are also needed. In this work, we propose a novel methodology to address the detection and tracking of recycled ICs at each stage of the electronics supply chain. We present a case study demonstrating our assessment model to calculate the confidence levels of authentic and recycled ICs, and to confidently track these types of ICs throughout the electronics supply chain.
2022-07-29
Saxena, Nikhil, Narayanan, Ram Venkat, Meka, Juneet Kumar, Vemuri, Ranga.  2021.  SRTLock: A Sensitivity Resilient Two-Tier Logic Encryption Scheme. 2021 IEEE International Symposium on Smart Electronic Systems (iSES). :389–394.
Logic encryption is a method to improve hardware security by inserting key gates on carefully selected signals in a logic design. Various logic encryption schemes have been proposed in the past decade. Many attack methods to thwart these logic locking schemes have also emerged. The satisfiability (SAT) attack can recover correct keys for many logic obfuscation methods. The recently proposed sensitivity analysis attack can decrypt stripped-functionality-based logic encryption schemes. This article presents a new encryption scheme named SRTLock, which is resilient against both attacks. The SRTLock method first generates 0-injection circuits and encrypts the functionality of these nodes with the key inputs. In the next step, these values are used to control the sensitivity of the functionally stripped output for specific input patterns. The resultant locked circuit is resilient against the SAT and sensitivity analysis attacks. Experimental results demonstrating this on several attacks using standard benchmark circuits are presented.
Li, Leon, Ni, Shuyi, Orailoglu, Alex.  2021.  JANUS: Boosting Logic Obfuscation Scope Through Reconfigurable FSM Synthesis. 2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :292–303.
Logic obfuscation has been proposed as a counter-measure against supply chain threats such as overproduction and IP piracy. However, the functional corruption it offers can be exploited by oracle-guided pruning attacks to recover the obfuscation key, forcing existing logic obfuscation methods to trivialize their output corruption which in turn leads to a diminished protection scope. In this paper, we address this quandary through an FSM obfuscation methodology that delivers obfuscation scope not only through external secrets but more importantly through inherent state transition patterns. We leverage a minimum-cut graph partitioning algorithm to divide the FSM diagram and implement the resulting partitions with distinct FF configurations, enabled by a novel synthesis methodology supporting reconfigurable FFs. The obfuscated FSM can be activated by invoking key values to dynamically switch the FF configuration at a small number of inter-partition transitions. Yet, the overall obfuscation scope comprises far more intra-partition transitions which are driven solely by the inherent transition sequences and thus reveal no key trace. We validate the security of the proposed obfuscation method against numerous functional and structural attacks. Experimental results confirm its delivery of extensive obfuscation scope at marginal overheads.
Shanmukha Naga Naidu, P., Naga Sumanth, B., Sri Ram Koduri, Pavan, Sri Ram Teja, M., Remadevi Somanathan, Geethu, Bhakthavatchalu, Ramesh.  2021.  Secured Test Pattern Generators for BIST. 2021 5th International Conference on Computing Methodologies and Communication (ICCMC). :542–546.
With the development in IC technology, testing the designs is becoming more and more complex. In the design process, testing consumes 60-80% of the time. The basic testing principle is providing the circuit under test (CUT) with input patterns, observing output responses, and comparing against the desired response, called the golden response. As the density of devices rises, examining the sub-circuits of the chip becomes difficult. So, testing of a design is becoming a time-consuming and costly process. Attaching additional logic to the circuit resolves the issue by letting the circuit test itself. BIST is a design-for-testability technique to facilitate thorough testing of ICs, and it comprises the test pattern generator, the circuit under test, and the output response analyzer. Quick diagnosis and very high fault coverage can be ensured by BIST. As complexity in the circuit is increasing, testing urges TPGs (Test Pattern Generators) to generate the test patterns for the CUT to sensitize the faults. TPGs are vulnerable to malicious activities such as scan-based side-channel attacks. Secret data saved on the chip can be extracted by an attacker by scanning out the test outcomes. These threats lead to the emergence of securing TPGs. This work demonstrates providing a secured test pattern generator for BIST circuits by locking the logic of the TPG with a password or key generated by the key generation circuit. Only when the key is provided are test patterns generated. This provides versatile protection of the TPG from malicious attacks such as scan-based side-channel attacks, Intellectual Property (IP) privacy, and IC overproduction.
2022-05-20
Chen, Zhaohui, Karabulut, Emre, Aysu, Aydin, Ma, Yuan, Jing, Jiwu.  2021.  An Efficient Non-Profiled Side-Channel Attack on the CRYSTALS-Dilithium Post-Quantum Signature. 2021 IEEE 39th International Conference on Computer Design (ICCD). :583–590.
Post-quantum digital signature is a critical primitive of computer security in the era of quantum hegemony. As a finalist of the post-quantum cryptography standardization process, the theoretical security of the CRYSTALS-Dilithium (Dilithium) signature scheme has been quantified to withstand classical and quantum cryptanalysis. However, there is an inherent power side-channel information leakage in its implementation instance due to the physical characteristics of hardware. This work proposes an efficient non-profiled Correlation Power Analysis (CPA) strategy on Dilithium to recover the secret key by targeting the underlying polynomial multiplication arithmetic. We first develop a conservative scheme with a reduced key guess space, which can extract a secret key coefficient with 99.99% confidence using 157 power traces of the reference Dilithium implementation. However, this scheme suffers from the computational overhead caused by the large modulus in the Dilithium signature. To further accelerate the CPA run-time, we propose a fast two-stage scheme that selects a smaller search space and then resolves false positives. We finally construct a hybrid scheme that combines the advantages of both schemes. Real-world experiments on the power measurement data show that our hybrid scheme improves the attack’s execution time by 7.77×.
2022-05-19
Takemoto, Shu, Ikezaki, Yoshiya, Nozaki, Yusuke, Yoshikawa, Masaya.  2021.  Hardware Trojan for Lightweight Cryptography Elephant. 2021 IEEE 10th Global Conference on Consumer Electronics (GCCE). :944–945.
While a huge number of IoT devices are connecting to cyber-physical systems, the demand for security of these devices is increasing. Due to this demand, a world-wide competition for lightweight cryptography oriented towards small devices has been held. Although tamper resistance against illegal attacks was evaluated in the competition, there is no evaluation for embedded malicious circuits such as hardware Trojans. To achieve security evaluation for embedded malicious circuits, this study proposes an implementation method of a hardware Trojan for Elephant, which is one of the finalists in the competition. In addition, the implementation overhead of hardware Trojans and the security risk of the hardware Trojan are evaluated.
Su, Yu, Shen, Haihua, Lu, Renjie, Ye, Yunying.  2021.  A Stealthy Hardware Trojan Design and Corresponding Detection Method. 2021 IEEE International Symposium on Circuits and Systems (ISCAS). :1–6.
For the purpose of stealthiness, trigger-based Hardware Trojans (HTs) tend to have at least one trigger signal with an extremely low transition probability to evade functional verification. In this paper, we discuss the correlation between poor testability and low transition probability, and then propose a kind of systematic Trojan trigger model with extremely low transition probability but reasonable testability, which can disable the Controllability and Observability for hardware Trojan Detection (COTD) technique, an efficient HT detection method based on circuit testability. Based on experiments and tests on circuits, we propose that more imbalanced 0/1-controllability can indicate lower transition probability. A trigger signal identification method using the imbalanced 0/1-controllability is also proposed. Experiments on ISCAS benchmarks show that the proposed method can obtain a 100% true positive rate and an average 5.67% false positive rate for the trigger signal.
Kurihara, Tatsuki, Togawa, Nozomu.  2021.  Hardware-Trojan Classification based on the Structure of Trigger Circuits Utilizing Random Forests. 2021 IEEE 27th International Symposium on On-Line Testing and Robust System Design (IOLTS). :1–4.
Recently, with the spread of Internet of Things (IoT) devices, embedded hardware devices have been used in a variety of everyday electrical items. Due to the increased demand for embedded hardware devices, some of the IC design and manufacturing steps have been outsourced to third-party vendors. Since malicious third-party vendors may insert malicious circuits, called hardware Trojans, into their products, developing an effective hardware Trojan detection method is strongly required. In this paper, we propose 25 hardware-Trojan features based on the structure of trigger circuits for machine-learning-based hardware Trojan detection. Combining the proposed features with 11 existing hardware-Trojan features, we utilize 36 hardware-Trojan features in total for classification. Then we classify the nets in an unknown netlist into a set of normal nets and Trojan nets based on the random-forest classifier. The experimental results demonstrate that the average true positive rate (TPR) becomes 63.6% and the average true negative rate (TNR) becomes 100.0%. They improve the average TPR by 14.7 points while keeping the average TNR compared to existing state-of-the-art methods. In particular, the proposed method successfully finds Trojan nets in several benchmark circuits which are not found by the existing method.
2022-04-01
Akram, Ayaz, Giannakou, Anna, Akella, Venkatesh, Lowe-Power, Jason, Peisert, Sean.  2021.  Performance Analysis of Scientific Computing Workloads on General Purpose TEEs. 2021 IEEE International Parallel and Distributed Processing Symposium (IPDPS). :1066–1076.
Scientific computing sometimes involves computation on sensitive data. Depending on the data and the execution environment, the HPC (high-performance computing) user or data provider may require confidentiality and/or integrity guarantees. To study the applicability of hardware-based trusted execution environments (TEEs) to enable secure scientific computing, we deeply analyze the performance impact of general purpose TEEs, AMD SEV and Intel SGX, for diverse HPC benchmarks including traditional scientific computing, machine learning, graph analytics, and emerging scientific computing workloads. We observe three main findings: 1) SEV requires careful memory placement on large scale NUMA machines (1×-3.4× slowdown without and 1×-1.15× slowdown with NUMA aware placement), 2) virtualization (a prerequisite for SEV) results in performance degradation for workloads with irregular memory accesses and large working sets (1×-4× slowdown compared to native execution for graph applications), and 3) SGX is inappropriate for HPC given its limited secure memory size and inflexible programming model (1.2×-126× slowdown over unsecure execution). Finally, we discuss forthcoming new TEE designs and their potential impact on scientific computing.
2022-03-14
Mambretti, Andrea, Sandulescu, Alexandra, Sorniotti, Alessandro, Robertson, William, Kirda, Engin, Kurmus, Anil.  2021.  Bypassing memory safety mechanisms through speculative control flow hijacks. 2021 IEEE European Symposium on Security and Privacy (EuroS&P). :633–649.
The prevalence of memory corruption bugs in the past decades resulted in numerous defenses, such as stack canaries, control flow integrity (CFI), and memory-safe languages. These defenses can prevent entire classes of vulnerabilities, and help increase the security posture of a program. In this paper, we show that memory corruption defenses can be bypassed using speculative execution attacks. We study the cases of stack protectors, CFI, and bounds checks in Go, demonstrating under which conditions they can be bypassed by a form of speculative control flow hijack, relying on speculative or architectural overwrites of control flow data. Information is leaked by redirecting the speculative control flow of the victim to a gadget accessing secret data and acting as a side channel send. We also demonstrate, for the first time, that this can be achieved by stitching together multiple gadgets, in a speculative return-oriented programming attack. We discuss and implement software mitigations, showing moderate performance impact.
2022-03-01
Huang, Shanshi, Peng, Xiaochen, Jiang, Hongwu, Luo, Yandong, Yu, Shimeng.  2021.  Exploiting Process Variations to Protect Machine Learning Inference Engine from Chip Cloning. 2021 IEEE International Symposium on Circuits and Systems (ISCAS). :1–5.
Machine learning inference engines are of great interest to smart edge computing. Compute-in-memory (CIM) architecture has shown significant improvements in throughput and energy efficiency for hardware acceleration. Emerging nonvolatile memory (eNVM) technologies offer great potential for instant on and off by dynamic power gating. An inference engine is typically pre-trained by the cloud and then deployed to the field. There is a new security concern on cloning of the weights stored on an eNVM-based CIM chip. In this paper, we propose a countermeasure to the weight cloning attack by exploiting the process variations of the periphery circuitry. In particular, we use weight fine-tuning to compensate the analog-to-digital converter (ADC) offset for a specific chip instance while inducing a significant accuracy drop for cloned chip instances. We evaluate our proposed scheme on a CIFAR-10 classification task using a VGG-8 network. Our results show that with precisely chosen transistor size on the employed SAR-ADC, we could maintain 88%–90% accuracy for the fine-tuned chip while the same set of weights cloned on other chips will only have 20%–40% accuracy on average. The weight fine-tune could be completed within one epoch of 250 iterations. On average only 0.02%, 0.025%, and 0.142% of cells are updated for 2-bit, 4-bit, and 8-bit weight precisions in each iteration.
Salem, Heba, Topham, Nigel.  2021.  Trustworthy Computing on Untrustworthy and Trojan-Infected on-Chip Interconnects. 2021 IEEE European Test Symposium (ETS). :1–2.
This paper introduces a scheme for achieving trustworthy computing on SoCs that use an outsourced AXI interconnect for on-chip communication. This is achieved through component guarding, data tagging, event verification, and consequently responding dynamically to an attack. Experimental results confirm the ability of the proposed scheme to detect HT attacks and respond to them at run-time. The proposed scheme extends the state-of-art in trustworthy computing on untrustworthy components by focusing on the issue of an untrusted on-chip interconnect for the first time, and by developing a scheme that is independent of untrusted third-party IP.