The Internet of Things (IoT) is has fast become an integral part of everyday life. IoT devices ranging from insulin pumps, smart home devices, and driverless cars, to energy delivery systems are vastly improving the quality of life. Many of these devices use processors based on the ARM architecture. While decades of research and deployment have successfully reduced the attack surface of memory corruptions, a new attack surface, the CPU caches, has emerged. This project advances the frontiers of knowledge in defeating cache-based attacks on IoT systems that are based on ARM processors. In particular, the project will develop software mitigation to defeat the destructive cache side-channel attacks and cache resident malware. It integrates a comprehensive education plan with the research to train the next generation workforce in cybersecurity.
This project consists of two complementary tasks, which can be deployed in tandem to provide comprehensive cache-based attack mitigation in IoT systems. First, the project develops software mitigation for all-level cache side-channel attacks. While software mitigation for cache side-channel attacks in cloud scenarios focus on last-level cache, novel attacks on L1 cache can also break the security guarantees of IoT systems. Based on the observation that the key to defending against all-level cache side-channel attacks is to take away attackers' ability to tell timing differences between used and unused data, this project develops new techniques to ensure a private space for each process by reserving the L1 cache for a sensitive operation’s exclusive use. Second, this project develops asynchronous cache resident malware mitigation to increase the performance and responsiveness of applications. Existing approaches in cache malware mitigation are slow because they are synchronous and the application requesting service will be suspended. This project divides an inspection task into two halves: one is urgent and not interruptible; the other is lengthy but interruptible. The longer half can be executed on another CPU core or can use deferred execution thus increasing the execution efficiency of the inspection task as a whole.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
