Side channel attacks study leakage due to timing variation in software execution, resulting from contention for hardware resources. By analyzing these variations, an attacker can obtain additional information and use it to deduce the victim’s secrets. As proven by Spectre and Meltdown, these side channel attacks pose a severe threat to the security of nearly all computing devices. Given that side channel protection often requires hardware redesign, something must be done in the interim to secure existing software on currently deployed hardware. This project studies transformations on existing software in an attempt to harden it against side channel attacks.
The project consists of three main tasks. In Task 1, the project will attempt to reverse engineer various hardware structures in the processor so as to determine where attacks might occur. Next, in Task 2, the project will use the data from Task 1 to design transformations that will protect leaky software against side channels. Finally, Task 3 will develop methods to confirm that the outputs of Task 2 are indeed side channel free. While typical analysis of side channel leakage requires manual effort, Task 3 aims to develop automated tools for leakage detection, avoiding the need for manual analysis.
Hardware is the ultimate root of trust, the correctness of which is the foundation to the security of all software. However, unlike software, hardware security has received much less attention, from both academic and industry. Until new and secure hardware becomes available, the proposed project aims to protect existing software deployed on leaky hardware. While the project cannot hope to eliminate all leakage, it does aim to harden existing software, making leakage harder to exploit. Tools and methodologies developed by this project will be used to design safer hardware, as well as help mitigate leakage in existing software.
The project will retain all data, simulators, and code produced in a central GIT repository which will be publicly available at github.com.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
