University of Illinois Urbana-Champaign

Software security challenges in the era of modern hardware

Paccagnella, Riccardo

Permalink

https://hdl.handle.net/2142/121442

Description

Title
Software security challenges in the era of modern hardware
Author(s)
Paccagnella, Riccardo
Issue Date
2023-07-05
Director of Research (if dissertation) or Advisor (if thesis)
Fletcher, Christopher
Doctoral Committee Chair(s)
Fletcher, Christopher
Committee Member(s)
  • Baumann, Andrew
  • Torrellas, Josep
  • Bailey, Michael
  • Shacham, Hovav
  • Yan, Mengjia
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
Ph.D.
Degree Level
Dissertation
Keyword(s)
  • hardware security
  • side-channel attacks
  • constant-time programming
  • resource partitioning
  • computer processors
  • frequency scaling
  • on-chip interconnect
Abstract
Today's hardware cannot keep secrets. Indeed, the past two decades have seen the discovery of a slew of attacks where an adversary exploits hardware features to leak software's sensitive data. These attacks have shaken the foundations of computer security and caused a disruption in the software industry. Fortunately, there has been a saving grace, namely the widespread adoption of models that have enabled developers to build secure software while comprehensively preventing hardware vulnerabilities. This dissertation studies these prevailing models for building secure software and evaluates the extent to which they break down in the context of today's hardware. In the first part, we introduce Hertzbleed attacks, demonstrating that the principles underpinning constant-time programming are inadequate to guarantee constant-time execution of software. In the second part, we introduce interconnect side-channel attacks, demonstrating that the current implementation principles for resource partitioning are inadequate to guarantee software isolation. Both vulnerabilities are not mere extensions of existing ones but rather constitute entirely new attack vectors, which undermine established defenses. We present an in-depth examination of these new attacks and discuss their implications for secure software design.
Graduation Semester
2023-08
Type of Resource
Thesis
Copyright and License Information
Copyright 2023 Riccardo Paccagnella

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois