Date: Friday, October 24
Time: 12-1pm
Location: Soda 510
Title: Hardware-Software Cooperation Against Side-Channel Attacks
Abstract:
Hardware side-channel attacks occur when a victim program’s hardware resource usage is influenced by a secret, and an attacker observes this resource usage (e.g., via its effect on execution time) to infer the secret’s value. Hardware side-channel attacks were once thought to threaten only secret-processing code and to be mitigated by constant-time (CT) programming, which avoids passing secrets as inputs to instructions that leak their operands via hardware side channels. However, Spectre attacks reveal that transient execution of instructions along mispredicted code paths can leak victim secrets, even if they are never leaked or even accessed architecturally. These attacks bypass gold-standard software-level security policies (e.g., CT programming and sandboxing), establishing hardware side-channel attacks as a threat to all programs that hold secrets in architectural state.
Defending programs against hardware side-channel attacks in general, and Spectre attacks in particular, requires cooperation between hardware and software. Our research studies what this cooperation should look like and how to design and verify the implementations of new hardware-software contracts to enable it. This talk will focus on two novel Spectre defenses that approach this cooperation in slightly different ways. First, I will present Serberus, a hardware-enabled software defense, which empowers programs to restrict their runtime control-/data-flow (from software) just enough to (performantly) mitigate Spectre [Mosier+, SP24]. Second, I will present Protean, a software-enabled hardware defense, which supports programming hardware to enforce arbitrary architectural register-/memory-byte-granular data protection requirements during speculation. Time permitting, I will briefly highlight our work on automatically verifying hardware support for these defenses and more [Hsiao+, MICRO24].
Bio:
Caroline Trippel is an Assistant Professor in the Computer Science and Electrical Engineering Departments at Stanford University. Her research fits broadly in the area of computer architecture and focuses on promoting high assurance—correctness, security, and reliability—as a first-order computer architecture design goal. A central theme of Trippel’s work is leveraging automated reasoning and formal methods techniques to design and verify hardware systems. Trippel’s research has influenced the design of the RISC-V ISA memory consistency model both via her formal analysis of its draft specification and her subsequent participation in the RISC-V Memory Model Task Group; prompted Intel to update their Software Security Guidance to confirm that two Intel microarchitectures satisfy assumptions made by the Serberus Spectre defense that her work developed; and produced a novel methodology and tool that synthesized two new variants of the famous Meltdown and Spectre attacks. Trippel’s research has been recognized with IEEE Top Picks distinctions, an NSF CAREER Award, the inaugural Google ML and Systems Junior Faculty Award, the Intel Rising Star Faculty Award, an Intel Outstanding Researcher Award, the 2020 ACM SIGARCH/IEEE CS TCCA Outstanding Dissertation Award, and the 2020 CGS/ProQuest® Distinguished Dissertation Award in Mathematics, Physical Sciences, & Engineering.