Microprocessors are widely deployed in cloud, fog, edge, and mobile computing platforms. In all cases, the economies of scale stem from our ability (through the use of mature virtualization technologies) to host large sets of applications from diverse domains. These applications increasingly operate on private or confidential user data. A major hurdle for exposing and exploiting virtualization capabilities in next generation processors is the lack of a clear vision for how to address the security challenges associated with co-locating applications that share hardware. This project singles out the challenge of controlling leakage of speculative and non-speculative microarchitecture state information: the ability of an adversary to glean sensitive information about a co-located workload by observing patterns of communication or resource utilization at various layers of the processor hardware stack. The importance of this problem is exacerbated by recent attacks on commercial microprocessors, where hardware resource sharing is exploited to expose microarchitecture state information to an adversary that is otherwise inaccessible or not directly visible in the system state.
The project develops a new abstraction for securing the microarchitecture state vulnerabilities in multicore processors. Today's processors assume temporal execution of secure (victim) and insecure (potentially malicious) applications under the purview of virtualization. For strong isolation, at each context switch, a secure processor must clean the microarchitecture state from all shared hardware resources. This project re-thinks secure processor designs, and challenges these assumptions in the context of multicore processors. A spatio-temporal execution model is envisioned, where the cores are spatially partitioned into secure and insecure clusters (or domains). The secure cluster and its accompanying software and hardware is envisioned to become the only trusted component in the multicore processor trusted computing base (TCB). This allows the concurrently executing domains to fully exploit their allocated hardware resources for performance, while guaranteeing bounded information leakage through the hardware sharing of microarchitecture state. The incorporation of security to tackle microarchitecture state vulnerabilities at various levels of the processor hardware is timely, as it ensures that the consideration of security concerns in the still-evolving hardware stack is not an afterthought. Doing so will speed up the adoption of emerging safety-critical secure applications, thus improving the hardness and certification of the US cyber infrastructure, with significant benefits to our economy and society.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
|