Project Detail |
Problem: Side-channel leaks via timing, cache, and speculation can expose sensitive information across traditional isolation barriers, putting our data at risk. Unfortunately, despite decades-long attempts to eliminate these leaks, new attacks are discovered by the day. Fundamentally, this is due to the following mismatch: Todays hardware is extremely complicated because of its myriad fast paths and performance optimizations, yet, we reason about it based on coarse, implicit, and inaccurate models. This divide between model and reality results in leaks and inefficient systems that fail to keep our data safe.
Aim: SecuStack wants to put an end to this seemingly endless cycle of new attacks and defenses through a radically new approach based on the following insight: To effectively secure computer systems against side-channel leaks, we need to know when the hardware leaks, at the level of gates, flip-flops, and wires.
Approach: SecuStack will leverage this insight via the following four research tasks. First, the SecuStack team will automatically construct per-processor, ground-truth leakage models at the hardware level (T1). Next, we will use those models to describe leakage at the assembly (ISA) level (T2), which in turn will allow us to synthesize provably correct software defenses (T3). These steps build on research breakthroughs from my recent work. To remain feasible for a small team in a five-year timeframe, SecuStack will not target legacy toolchains but instead aim for a breakthrough in a tightly controlled setting, based on open-source RISC-V processors and a custom compilation toolchain. Finally, we will demonstrate immediate practical impact by implementing two challenging case studies: a silicon root of trust and an enclave monitor (T4).
Impact: If successful, this ambitious effort will yield the first provably secure end-to-end timing, cache, and speculation safe systems and pave the way towards secure infrastructure for the future. |