Rethinking Data Security in a Speculative, Hammerable, and Heterogeneous World

Abstract

Protecting the security of data is a fundamental principle that underlies the very foundation of modern software systems. A mix of t,authorized parties). For instance, private execution contexts on a processor core are temporally isolated via context switching that, is governed bye the operating system. Similarly, as part of the virtual memory system, address spaces in memory are spatially isola,ted, where processors do not have direct access to each others private data. These isolation primitives also form the basis of prot,ecting the integrity of private data. Alas, the rapid evolution of the computing landscape, where performance is the main driver, ha,s been increasingly shaking the security foundation of computer systems. For instance, heavily-optimized out-of-order processors are, vulnerable to speculative execution attacks such as Spectre, Meltdown, and Foreshadow that attackers can use to leak data from a vi,rtual machine running in a cloud environment. Similarly, denser memory with increased capacity and bandwidth are increasingly more v,ulnerable to bit-flips that attackers may use to mount attacks such as Rowhammer, which can cause serious consequences such as data, loss and privilege escalation. More broadly, computer systems are moving towards an increasingly heterogeneous landscape due to the, virtual halt of Moores Law and Dennards scaling. The heterogeneity of systems that incorporate different compute units (CPUs, GPU,s, FPGAs etc.), interconnect technologies (RDMA, CXL, Terabit Ethernet, etc.), and memory hierarchies (DRAM, persistent memory, SSDs,,etc.) make such systems susceptible to new vulnerabilities (e.g., due to an increase in side channels) as a result of increased sha,ring and data movement. In this project, we argue that in light of the rapidly-evolving landscape of computer systems, novel and mor,e comprehensive data security primitives need to be pursued rigorously at all layers of the computing stack. Our project will pursue, these new data security primitives along three key thrusts:- In the first thrust, we will explore microarchitectural context isolat,ion as a foundational building block for designing all future compute units (CPUs, GPUs, FPGAs, etc.). Context isolation is a fundam,ental principle used to secure different processes executing on the same system from one another. Alas, this isolation guarantee doe,s not extend to the microarchitecture, where attackers can leverage side-effects of computations (e.g., left in the processor cache),to leak secrets. This thrust will develop four techniques to provide microarchitectural context isolation with varying security/perf,ormance trade-offs: (1) complete temporal isolation via microarchitectural save-and-restore, (2) complete spatial isolation via dyna,mic context partitioning, (3) probabilistic context isolation via randomization, (4) ensuring non-observability via dynamic informat,ion flow control.- In the second thrust, we will design new data integrity primitives that will reduce susceptibility of cu,ory systems to bit-flips. In particular, we will develop three techniques.- In the third thrust, we will investigate new security vu,lnerabilities that are expected to manifest in heterogeneous systems and pursue techniques to detect and defend against such vulnera,bilities. This thrust will comprise three main tasks. We will first pursue a thorough study of security vulnerabilities in heterogen,eous computer systems to provide a classification of the3 identified failures based on their root causes. We will then develop progr,ies in heterogeneous systems. Approved for Public Release.

Document Details

Document Type

DoD Grant Award

Publication Date

Jul 08, 2022

Source ID

N000142212506

Entities

Tags