Evaluating the security of novel microarchitecture

Sanchez Vicarte, Jose Rodrigo

Permalink

https://hdl.handle.net/2142/117716 Copy

Description

Title

Evaluating the security of novel microarchitecture

Author(s)

Sanchez Vicarte, Jose Rodrigo

Issue Date

2022-09-19

Director of Research (if dissertation) or Advisor (if thesis)

Fletcher, Christopher W

Doctoral Committee Chair(s)

Fletcher, Christopher W

Committee Member(s)

• Bailey, Michael
• Levchenko, Kirill
• Mohan, Sibin
• Valamehr, Jonathan

Department of Study

Electrical & Computer Eng

Discipline

Electrical & Computer Engr

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

Ph.D.

Degree Level

Dissertation

Keyword(s)

• microarchitectural security
• microarchitectural side channels
• data at rest

Abstract

Microarchitectural attacks have plunged Computer Architecture into a security crisis. Yet, as the slowing of Moore’s law justifies the use of ever more exotic microarchitecture, it is likely we have only seen the tip of the iceberg. Without transistor scaling, it follows that microarchitects will employ ever more exotic microarchitectural optimizations to improve performance. If the past is any indicator of the future, it stands to reason that these optimizations will have novel — if not devastating — security implications. To better anticipate this security crisis, this work performs the first systematic security-centric analysis of the Computer Architecture literature. Our rationale is that when implementing current and future processors, microarchitects will (quite reasonably) look to previously-proposed ideas. Further, beyond “simply” impacting future processors, it is likely the case that some such microarchitecture already exists in current hardware, creating la- tent, not-yet-discovered vulnerabilities. Examining the deluge of exploits which have come out in the last few years, it is clear that processor complexity has already outpaced attacker bandwidth to find zero days. However, current approaches to microarchitectural security today research limit our ability to study the security implications of microarchitecture before it is deployed. Conventional attack research methodology combines a specific microarchitectural optimization (as found on an already-deployed processor) with a convenient threat model and victim program to demonstrate an “at- tack” (usually key extraction for a specific cryptographic algorithm). This approach entangles the specific microarchitectural implementation with a specific threat model and a specific victim program. Making matters worse, this approach does not begin studying novel microarchitecture until after it is found on an already-deployed processor. While seemingly obvious, in vitro (design time) security evaluations are not common practice in the literature because it isn’t obvious how to study microarchitecture so early in the design process. Current approaches to microarchitectural security research provide limited utility at this stage because it is not clear how they can be used to study microarchitecture across all possible threat models and victim programs. We must start by decoupling a microarchitectural optimization from any single threat model and victim program. To address this problem, this work develops a novel abstraction which precisely and concisely captures microarchitectural leakage while abstract- ing away the victim program and threat model. Using this abstraction, this work performs the first broad, systematic study, of the microarchitecture literature to characterize the the security implications of both known and new (theorized) microarchitectural optimizations in an apples-to-apples fashion. Through discoveries made during this study, this work answers two major open questions in the field of microarchitectural security. First, this work discovers the first microarchitecture (outside of speculative execution) which is capable of leaking all of program memory (i.e., forms a “universal read gadget”). Second, this work discovers the first microarchitectural optimization, deployed on real processors today, capable of leaking data without even being read by the processor core (i.e., “at rest”).

Graduation Semester

2022-12

Type of Resource

Thesis

Copyright and License Information

Copyright 2022 Jose Sanchez Vicarte

Owning Collections