Isolated execution is a hardware-supported security model used to protect programs from compromised or untrusted systems, such as those in the cloud. This project will develop next-generation isolated execution systems that improve the state of the art along three dimensions. It will develop a formal theoretical framework to study attacks and defenses, and new solutions against side channel attacks based on the concept of composable resources.

This project is organized into three thrusts. First, defenses against side channel leakage in isolated execution environments based on a new idea of composable resource-lets will be explored: these are fine-grained resources that can be combined to create isolated resource partitions for security. Second, the notion of isolated execution will be extended beyond a CPU to cover a heterogeneous system. Finally, new formalisms that allow reasoning about both vulnerabilities and defenses to reach strong guarantees of security will be introduced.

Isolated execution for CPUs is available in products and continues to receive commercial and research interest. This project will substantially improve the security and applicability of isolated execution systems by providing protection against side channel attacks and by extending them beyond the CPU to operate in modern heterogeneous systems. This project will provide research opportunities for underrepresented students. New educational material on isolated execution and heterogeneous system security will be developed and integrated into classes.

The project repository (available at https://github.com/seas-ucr/LFIE) will be maintained for at least 3 years beyond the end of the grant. It will hold all software byproducts from the project.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 2053383
Program Officer: Alexander Jones
Project Start:
Project End:
Budget Start: 2021-07-01
Budget End: 2025-06-30
Support Year:
Fiscal Year: 2020
Total Cost: $505,418
Indirect Cost:

Name: University of California Riverside
Department:
Type:
DUNS #:
City: Riverside
State: CA
Country: United States
Zip Code: 92521