EC 700 - Secure Computing · EC 700 Hardware and Systems Security Prof. Michel A. Kinsy Introduction to cybersecurity Cyber attacks examples. Department of Electrical & Computer Engineering

Department of Electrical & Computer Engineering

EC 700Hardware and Systems Security

Prof. Michel A. Kinsy

Introduction to cybersecurityCyber attacks examples


Large-Scale System Security Breaches

§ The Emerging Mobile App “Wild West”• https://securityintelligence.com/how-to-protect-mobile-apps-

essentials/§ Apple has now removed over 300 pieces of software

from the App Store• http://www.wired.com/2015/09/apple-removes-300-infected-

apps-app-store/§ Security researcher obtained physical access to the

plane control system through the Seat Electronic Box• http://www.wired.com/2015/05/feds-say-banned-researcher-

commandeered-plane/§ Stuxnet computer worm is shown to work on Siemens

SIMATIC WinCC SCADA system• http://www.theguardian.com/world/2011/apr/17/iran-siemens-

stuxnet-cyberattack


Large-Scale System Security Breaches§ Home routers

§ Stealthy, destructive malware infects half a million routers https://www.wired.com/story/vpnfilter-router-malware-outbreak/

§ Services sector: databases and data centers§ Equifax breach of 145.5 million people's data§ Yahoo hack that affected 3 billion accounts§ Hospitals

§ https://www.zdnet.com/article/us-hospital-pays-55000-to-ransomware-operators/§ https://www.healthcareitnews.com/news/when-medical-devices-get-hacked-hospitals-

often-dont-know-it

§ Fitness and wellness § Under Armour

§ https://www.wired.com/story/under-armour-myfitnesspal-hack-password-hashing/

§ Internet of Things § World's largest DDoS attack launched from 152,000 hacked Smart

Deviceshttps://thehackernews.com/2016/09/ddos-attack-iot.html§ 230 crypto keys are actively being used by more than 4 Million IoT

devices§ https://thehackernews.com/2015/11/iot-device-crypto-keys.html


Large-Scale System Security Breaches§ Power grid systems: their control systems§ U.S. investigators find proof of cyberattack on

Ukraine power grid§ https://www.cnn.com/2016/02/03/politics/cyberattack-

ukraine-power-grid/index.html

Source: U.S. Department of Energy


Example: MicrogridsAn information-centric energy infrastructure: The Berkeley view

Source:http://www.energy-daily.com/images/smart-grid-electricity-schematic-bg.jpg.


Example: Cybersecurity of Microgrids

§ Computation requirements§ The control systems deal with continuous,

computational intensive dynamics, discrete events, and generic commands§ Low and high-performance processing units required

§ The correctness, stability, and efficiency in controlling these system are closely related to the data propagation delay in the control (low-latency, and hard real-time)§ Fast and predictable execution units are imperative

§ Security requirements


Example: Cybersecurity of Microgrids

§ Computation requirements§ Security requirements

§ Local control algorithms change over time, due to changes in the physical plant functions or capacity§ Programmable architectures are required

§ The system wide control is a network of independent or loosely coupled local controls§ Robust network security is needed

§ Firewalls, intrusion detection, deep packet sniffing, logging, unauthorized access monitoring, etc.


Social media and networks Mobile devices

Scientific instruments

Sensor technologyData storage has grown significantly, shifting markedly from analog to digital after 2000

SOURCE: Hilbert and López, “The world’s technological capacity to store, communicate, and compute information,” Science, 2011

Global installed, optimally compressed, storage

OverallExabytes

Detail%; exabytes

NOTE: Numbers may not sum due to rounding.

50

300

250

200

150

100

02007200019931986

6

75

979994

100% =

Analog

Digital

20072000

54 295

25

1993

163

1986

31

Evolving Nature of Applications


Computer System Components View

DigitalDesign

CircuitDesign

Compiler

OperatingSystem

Applications

Firmware

Datapath&Control

Layout

I/OsystemProcessor MemoryorganizationISA


Computer Architecture Domains§ The art of abstraction

Algorithm

Register-Transfer Level (RTL)

Application

Instruction Set Architecture (ISA)Operating System/Virtual Machine

Microarchitecture

Devices

Programming Language

Circuits

Physics

Original domain of

the computer architect

(‘50s-‘80s)

Domain of computer architecture (‘90s)

Reliability, power

Parallel computing security, …


Computer Architecture Components

§ The processing elements or cores do the actual computations, i.e., data manipulations, operations

On-chipInterconnect

MemorySubsystem

ProcessingCores



§ The memory hierarchy is responsible for the on-chip data storage, organization and access scheme

On-chipInterconnect

MemorySubsystem

ProcessingCores



§ On-chip network handles data movements, e.g., cache lines and cache coherence messages, between processor cores and memory modules

On-chipInterconnect

MemorySubsystem

ProcessingCores


Widening Gap: Needs and Capabilities

Figure:KathyYelick,“TenWaystoWasteaParallelComputer”,ISCA‘09


Figure:KathyYelick,“TenWaystoWasteaParallelComputer”,ISCA‘09

Increase in # of processing

elements/cores

Widening Gap: Needs and Capabilities


SoC/SiP/Large-Scale System Security

SoCdesigncomplexitytrends [International TechnologyRoadmapforSemiconductors2011Report]


SoC/SiP/Large-Scale System Security§ Integration of heterogeneous technologies

• Large number of processing units programmable RISC/CISC cores, memory, DSPs, and accelerator function units/ASIC

Systemdiagramofprocessingunitsinatypicalsmartphone3~4yearsago(OMAP™2Processors:OMAP2420–TI)


Why Hardware Level Security? Defense becomes more and more complex, yet still outmatched by offense

Unified threatmanagement

Network flightrecorder

SnortMilky WayStalkerDEC seal

10,000,000

8,000,000

6,000,000

4,000,000

2,000,000

01985 1990 1995 2000 2005 2010

Line

s of

cod

e

Security software

Malware:125 lines of code*

Source: Defense Advanced Research Projects Agency (DARPA)

Brief to Defense Science Board (DSB) Task Force (May 2011).

Data through 2010.


Computing Systems Security§ Hardware Security

• Circuit Level§ Hardware obfuscation

• Digital Design§ IC watermarking

• Datapath & Control§ Self-repair and regeneration of

datapaths• Component Level

§ Hardware security primitives (PUF, ORAM, RNG,…)

• Architecture Level§ Secure computing architectures

• Secure heterogeneous system-on-chip (SoC) architectures

Hardware

OS

Applications

Network


Current State of MixTrust Systems§ Current state of affairs: Trusted/untrusted

applications running on trusted/untrusted coresApplica,ons%

Core0%

Many2core%Architecture%

Core5%

Core8% Core9%

Core12%

Core3%

Core4%

Core10%

Core1% Core2%

Core7%Core6%

Core15%Core14%

Core11%

Core13%Task%

Task%


Architecture Design Challenge§ Relatively easy to get two of three, harder to get

all three!

Performance

Energy Efficiency

Programmability

Performance

Energy Efficiency

Programmability

Performance

Energy Efficiency

Programmability

Uniprocessor ASIC Superscalar



all three!

Performance

Energy Efficiency

Programmability

Performance

Energy Efficiency

Programmability

Performance

Energy Efficiency

Programmability


Performance

Energy Efficiency

Programmability The general design objectives of the community have been:§ If only I could get all three! § Image the future of

computing!



all three!

Performance

Energy Efficiency

Programmability

Performance

Energy Efficiency

Programmability

Performance

Energy Efficiency

Programmability


Performance

Energy Efficiency

ProgrammabilityWhat about security? § What about privacy-preserving computing? § What about the integrity of the execution? § On-chip data confidentiality?

§ Albert! You really know how to kill a party!!!


Computer Architecture Security§ The mainstream wake-up call § Meltdown and Spectre

§ Meltdown security vulnerability allows a local, unprivileged, userspace process to read data from any memory location mapped to the process, including kernel memory§ The key reason why this vulnerability is so terrifying

§ Spectre security vulnerability allows a local, unprivileged, userspace process to read data from memory locations assigned to other processes


Control Flow and Performance§ A basic block is a piece of code with no control flow

instruction, i.e., no branches or jumps§ Profiling results on a small set of common applications

using the Intel Pintool44

38

4230

5425 20

824

8081

4.65

4.69

4.62

4.66

4.59

C LEAR MKDIR LS UNTAR FIND

BASICBLOCKDISTRIBUTIONNumberofBBLs AverageInst/BBLs


Reducing Control Flow Penalty § Modern processors may have > 10 pipeline

stages between next pc calculation and branch resolution!

FetchI-cache

Fetch Buffer

IssueBuffer

Func.Units

Arch.State

Execute

Decode

ResultBuffer

Commit

PC


Pentium 4: A Superscalar CISC Architecture34TCFetch

5Drive

6Alloc

9Que

10Sch

12Sch

13Disp

14Disp

15RF

16RF

17Ex

18Flgs

19BrCk

20Drive

12TCNxtIP

78Rename

11Sch

3.2GB/sSystemInterface

L2CacheandControl

BTB

BTB&I-TLB

Decoder

TraceCache

Rename/Alloc

µopQueues

Schedulers

IntegerRFFPRFµCode

ROM

StoreAGULoadAGUALUALUALUALU

FPmoveFPstoreFmulFaddMMXSSE

L1D-CacheandD-TLB


Reducing Control Flow Penalty § Modern processors may have > 10

pipeline stages between next pc calculation and branch resolution!

§ Hardware solutions§ Find something else to do - delay

slots replaces pipeline bubbles with useful work (requires software cooperation)

§ Speculate - branch prediction speculative execution of instructions beyond the branch

FetchI-cache

Fetch Buffer

IssueBuffer

Func.Units

Arch.State

Execute

Decode

ResultBuffer

Commit

PC


Reducing Control Flow Penalty § Sequential execution of

instructions § Speculative non-sequential

execution of instructions i: instruction

i+1: instruction

i+2: instruction

i+3: instruction

i+4: instruction

j: instruction

j+k: instruction…

…

i: instruction

i+1: instruction

i+2: instruction

i+3: instruction

j: instruction

j+1: instruction

j+k: instruction

i+4: instruction

unprivileged Non-control flow instruction

unprivileged control flow instruction

unprivileged control flow resolution instruction

privileged instruction


Victim’s Domain

. . .

. . .Inputs Outputs

Data

Process

Secret


Victim’s Domain

. . .

. . .Inputs Outputs

Data

Process

Secret

Attacker


Victim’s Domain

. . .

. . .Inputs Outputs

Data

Process

Secret

Attacker

Initiate attack


Victim’s Domain

. . .

. . .Inputs Outputs

Data

Process

Secret

Attacker

Initiate attack

ATP

ATP: Attack Transmission Process


Victim’s Domain

. . .

. . .Inputs Outputs

Data

Process

Secret

Attacker

Initiate attack

ATP


ATP requests and sends out the secret


Victim’s Domain

. . .

. . .Inputs Outputs

Data

Process

Secret

Attacker

Initiate attack

ATP



SRP

SRP: Secret Receiving Process


Victim’s Domain

. . .

. . .Inputs Outputs

Data

Process

Secret

Attacker

Initiate attack

ATP



SRP

SRP: Secret Receiving Process

A new attack channel may be created (e.g., side-channel)


Perhaps a new technology: in the CMOS domain or post-CMOS (e.g., Spintronics,

memristor, carbon nanotube)

New Computer Architecture

The evolving nature of applications has created the need for new architecture

features

Examples:• Privacy-preserving computing • Secure mobile high-performance

computing• Secure situation-aware

computing• Trustworthy neural Network

based computing

The Need For A New Architecture


Perhaps a new technology: in the CMOS domain or post-CMOS (e.g., Spintronics,

memristor, carbon nanotube)

New Computer Architecture

The evolving nature of applications has created the need for new architecture

features

Examples:• Privacy-preserving computing • Secure mobile high-performance

computing• Secure situation-aware

computing• Trustworthy neural Network

based computing

The Need For A New Architecture

We need more secure architectures:

• Process isolation • Authentication of

software and hardware interactions


Next Class§ Application level attacks: Code injection, Buffer

Overflow, Control-Flow Hijacking


Class Logistics§ As a 700 Level course, it is primarily a reading,

presentation and project driven course § The class project is built around the RISC-V ISAA

secure architecture targeting a specific attack class§ Specifically

§ Describe a relevant and pressing attack model§ Propose some architecture feature(s) to protect against

the described attack§ Implement, test and validation of the security

safeguard provided


Class Logistics§ Keep up with the reading list§ No homework in the class, so these are your

assignments§ Groups § Lectures § Grading

§ Participation: 10%§ Reading reports: 25%§ Presentations: 25%§ Project: 40%

Documents

EC 700 - Secure Computing · EC 700 Hardware and Systems Security Prof. Michel A. Kinsy Introduction to cybersecurity Cyber attacks examples. Department of Electrical & Computer Engineering