Spotlight on Lablet Research #5 - Side-Channel Attack Resistance

Spotlight on Lablet Research #5 -

Project: Side-Channel Attack Resistance

Lablet: University of Kansas

Cyber-Physical Systems (CPS)--cars, airplanes, power plants, etc.--are increasingly dependent on powerful and complex hardware for higher intelligence and functionalities. However, this complex hardware may also introduce new attack vectors--hardware side-channels--which can be exploited by attackers to steal sensitive information, to disrupt the timing of time-critical functions that interact with the physical plants, or to break memory protection mechanisms in modern computers. Because these attacks target hardware, even logically safe and secure software such as a formally verified OS, could still be vulnerable. Given the safety-critical nature of CPS, hardware side-channels should be thoroughly analyzed and prevented in CPS. This project focuses on micro-architectural side channels in embedded multicore computing hardware, and aims to develop fundamental OS and architecture designs that minimize or completely eliminate the possibility of potential hardware-level side-channel attacks. Led by Principal Investigator Heechul Yun, researchers are seeking to fundamentally reduce or completely eradicate these micro-architectural side-channels by introducing new OS abstractions and minimally modifying micro-architecture and OS. Successful completion of this project will result in empirical studies on micro-architectural side-channels in safety-critical CPS and criticality-aware OS and architecture prototypes for side-channel attack resistant CPS.

In a paper entitled “Denial-of-Service Attacks on Shared Cache in Multicore: Analysis and Prevention,” the research team demonstrated the feasibility and severity of micro-architectural DoS attacks on shared caches in widely used contemporary COTS multicore processors. The paper won an Outstanding Paper Award at IEEE RTAS 2019, and the code was released to reproduce the results.

Researchers developed a comprehensive OS-level scheduling framework, RT-Gang, to mitigate timing-related micro-architectural DoS attacks on multicore platforms. The work was also published at IEEE RTAS 2019, and the code was released as open-source. They are currently extending the capability of the RT-Gang framework to improve real-time schedulability and isolation guarantees.

Researchers successfully integrated a quad-core RISC-V SoC and an NVDLA DNN accelerator on Amazon FPGA cloud environment, and plan to use this platform for micro-architectural side-channel research in the future. The integration and some preliminary results were published at the EMC^2 workshop. The integrated RISC-V SoC testbed, called FireSim-NVDLA, was released as open-source, and has received significant attention from industry practitioners and academic researchers. For example, Nvidia revealed in their official developer blog that it uses FireSim-NVDLA to evaluate the software release for their open-source deep neural network hardware accelerator called Nvidia Deep Learning Accelerator (NVDLA).

The research team also successfully developed SpectreGuard, a software/hardware collaborative defense mechanism against Spectre attacks. The work leverages software provided information to mitigate Spectre attacks at low hardware and performance cost. The work was published at ACM/IEEE DAC 2019, and the code was released as open-source.

The KU researchers have successfully developed a small hardware unit, Bandwidth Regulation Unit (BRU), that regulated memory traffic at the on-chip interconnect level within the RISC-V multicore. The work was accepted for publication at IEEE RTAS 2020, and the research team is currently working to prepare a camera-ready version of the paper and open-source release of the BRU.

The team’s work in developing a series of resilient OS and hardware architecture prototypes--by extending open-source OS (Linux) and hardware (RISC-V SoC)--that can defend against micro-architectural attacks with minimal impacts on performance has real potential to influence the broader computer industry.

Additional details on the project can be found here.