Rethinking Data Security in a Speculative, Hammerable, and Heterogeneous World

Abstract

Protecting the security of data is a fundamental principle that underlies the very foundation of modern software systems. A mix of techniques is used to ensure that data can have integrity (i.e., is not tampered with) and remains private (i.e., is not leaked to unauthorized parties). For instance, private execution contexts on a processor core are temporally isolated via context switching that is governed bye the operating system. Similarly, as part of the virtual memory system, address spaces in memory are spatially isolated, where processors do not have direct access to each others# private data. These isolation primitives also form the basis of protecting the integrity of private data. Alas, the rapid evolution of the computing landscape, where performance is the main driver, has been increasingly shaking the security foundation of computer systems. For instance, heavily-optimized out-of-order processors are vulnerable to speculative execution attacks such as Spectre, Meltdown, andForeshadow that attackers can use to leak data from a virtual machine running in a cloud environment. Similarly, denser memory with increased capacity and bandwidth are increasingly more vulnerable to bit-flips that attackers may use to mount attacks such as Rowhammer, which can cause serious consequences such as data loss and privilege escalation. More broadly, computer systems are moving towards an increasingly heterogeneous landscape due to the virtual halt of Moore#s Law and Dennard#s scaling. The heterogeneity of systems that incorporate different compute units (CPUs, GPUs, FPGAs etc.), interconnect technologies (RDMA, CXL, Terabit Ethernet, etc.), and memory hierarchies (DRAM, persistent memory, SSDs,etc.) make such systems susceptible to new vulnerabilities (e.g., due to an increase in side channels) as a result of increased sharing and data movement. In this project, we argue that in light of the rapidly-evolving landscape of computer systems, novel and more comprehensive data security primitives need to be pursued rigorously at all layers of the computing stack. Our project will pursuethese new data security primitives along three key thrusts: - In the first thrust, we will explore microarchitectural context isolation as a foundational building block for designing all future compute units (CPUs, GPUs, FPGAs, etc.). Context isolation is a fundamental principle used to secure different processes executing on the same system from one another. Alas, this isolation guarantee does not extend to the microarchitecture, where attackers can leverage side-effects of computations (e.g., left in the processor cache) to leak secrets. This thrust will develop four techniques to provide microarchitectural context isolation with varying security/performance trade-offs: (1) complete temporal isolation via microarchitectural save-and-restore, (2) complete spatial isolation via dynamic context partitioning, (3) probabilistic context isolation via randomization, (4) ensuringnon-observability via dynamic information flow control. - In the second thrust, we will design new data integrity primitives that will reduce susceptibility of current memory systems to bit-flips. In particular, we will develop three techniques. - In the third thrust, we will investigate new securityvulnerabilities that are expected to manifest in heterogeneous systems and pursue techniques to detect and defend against such vulnerabilities. This thrust will comprise three main tasks. We will first pursue a thorough study of security vulnerabilities in heterogeneous computer systems to provide a classification of the3 identified failures based on their root causes. We will then develop program analysis techniques to automatically detect such vulnerabilities. Finally, we will design defense mechanisms against vulnerabilities in heterogeneous systems. Approved for Public Release

Document Details

Document Type

DoD Grant Award

Publication Date

May 15, 2023

Source ID

N000142312583

Entities

Tags