While hardware resources for computation and data storage are now abundant, economic factors prevent specialized hardware security mechanisms from being integrated into commodity parts. System owners are caught between the need to exploit cheap, fast, commodity microprocessors and the need to ensure that critical security properties hold.
This research will explore a novel way to augment commodity hardware after fabrication to enhance secure operation. The basic approach is to add a separate silicon layer, housing select security features, onto an existing integrated circuit. This 3-D Integration decouples the function and economics of security policy enforcement from the underlying computing hardware. As a result, security enhancements are manufacturing options applicable only to those systems that require them, which resolves the economic quandary. We plan to identify a minimal and realizable set of circuit-level security capabilities enabled by this approach, which can be judiciously controlled by the software layers. This will significantly assist in reducing both the software complexity often associated with security mechanisms and system vulnerabilities. This research introduces a fundamentally new method to incorporate security mechanisms into hardware and has the potential to significantly shift the economics of trustworthy systems. A broader impact will result through collaborative and educational activities. Graduate and undergraduate student research associates will transfer knowledge to future teachers, researchers and Information Assurance professionals; and project publications will provide direct technical transfer to the embedded-systems and hardware-design communities.
While hardware resources, in the form of both transistors and full microprocessor cores, are now abundant, economic factors prevent specialized hardware mechanisms required for secure processing from being integrated into commodity parts. The security community is caught between the need to exploit cheap, fast, commodity microprocessors and the need to ensure that critical security properties hold. Over the course of this project, we explored a novel way to augment commodity hardware after fabrication to enhance secure operation for only those systems that require it. This is done through separate 3D layer of hardware, which allows designers to decouple the function and economics of security mechanisms from the underlying computing hardware. This work represents a significant new secure design methodology that cuts across all levels of the system stack, from the application software, through the run-time systems, the computer architecture, down to the level of circuits and packaging. The research performed during this project was the first to develop a method of using 3D integrated circuits for trustworthy system development. To demonstrate that 3D integration is a beneficial and practical method for secure system development, we focused on four objectives: 1) We performed in-depth evaluations on the feasibility of 3D technology to support additional security layers, from a technological, thermal, architectural, and software viewpoint through detailed simulations and design prototypes. 2) We investigated novel circuit mechanisms that allow traditional hardware communication and control channels to be overridden by the 3D security hardware. 3) We explored the novel tradeoffs between minimizing both the modifications required to the commodity hardware base layer and the security management opportunities. 4) Building upon the results of Research Objectives 1, 2, and 3, we validated the effectiveness of the 3-D integration approach by constructing system- and application-level security solutions, and through direct validation studies. The primary contribution beyond the research of science and engineering is to help establish security best practices within the 3D hardware design community and promote the adoption of 3D integration as an efficient and effective method of enhancing the security of commodity integrated circuits. This has the potential to increase the security of trusted devices that depend on hardware to be inherently trustworthy. In addition to research tasks, the broader impact of this project provided training for the next generation of computer hardware designers and security experts. This includes four graduate students, and over five undergraduates who worked directly on the research in this project. Furthermore, we taught in the California State Summer School for Mathematics and Science (COSMOS). This is a four-week residential summer program for high school students. It is especially important to provide these high school students, most of who will continue onto college majoring in computer science, computer engineering or electrical engineering, an accurate view of what they can do with these degrees. Unfortunately, the normal view of computing is sitting in front of a desktop programming, which could not be farther from the truth for most college students graduating in these fields.
