CE PhD Dissertation Defense: Leila Delshadtehrani
Title: Enabling Software Security Mechanisms Through Architectural Support
Presenter: Leila Delshadtehrani
Chair: Professor Ayse Coskun (ECE)
Advisor: Professor Ajay Joshi (ECE); Professor Manuel Egele (ECE)
Committee: Professor Gianluca Stringhini (ECE); Professor Tali Moreshet (ECE)
Abstract: Over the past decades, there has been a growing number of attacks compromising the security of computing systems. In the first half of 2020, data breaches caused by security attacks led to the exposure of 36 billion records containing private information, where the average cost of a data breach is $3.86 million. Over the years, researchers have developed a variety of software solutions that can actively protect computing systems against different classes of security attacks. However, such software solutions are rarely deployed in practice, largely due to their significant performance overhead, ranging from ~15% to multiple orders of magnitude. A hardware-assisted security extension can reduce the performance overhead of software-level implementations and provide a practical security solution. Hence, in recent years, there has been a growing trend in the industry to enforce security policies in hardware. Unfortunately, the current trend only implements dedicated hardware extensions for enforcing fixed security policies in hardware. As these policies are built in silicon, they cannot be updated at the pace at which security threats evolve.

In this thesis, we propose a hybrid approach by developing and deploying both dedicated and flexible hardware-assisted security extensions. We incorporate an array of hardware engines as a security layer on top of an existing processor design. These engines are in the form of Programmable Engines (PEs) and Specialized Engines (SEs). A PE is a minimally invasive and flexible design, capable of enforcing a variety of security policies as security threats evolve. In contrast, an SE, which requires targeted modifications to an existing processor design, is a dedicated hardware security extension. An SE is less flexible than a PE, but has lower overheads.

In our research, we propose a PE called PHMon, which can enforce a variety of security policies. PHMon can also assist with detecting software bugs and security vulnerabilities. We demonstrate the versatility of PHMon through five representative use cases: (1) a shadow stack, (2) a hardware-accelerated fuzzing engine, (3) information leak prevention, (4) hardware-accelerated debugging, and (5) a code coverage engine.

We also propose two SEs as dedicated hardware extensions. Our first SE, called SealPK, provides an efficient and secure protection key-based intra-process memory isolation mechanism for the RISC-V ISA. SealPK provides higher security guarantees than the existing hardware extension in Intel processors, through three novel sealing features. These features prevent an attacker from modifying sealed domains, sealed pages, and sealed permissions. Our second SE, called FlexFilt, provides an efficient capability to guarantee the integrity of isolation-based mechanisms by preventing the execution of various instructions in untrusted parts of the code at runtime.

We demonstrate the feasibility of our PE and SEs by providing a practical prototype of our hardware engines interfaced with a RISC-V processor on an FPGA and by providing the full Linux software stack for our design. Our FPGA-based evaluation demonstrates that PHMon improves the performance of fuzzing by 16X over the state-of-the-art software-based implementation while a PHMon-based shadow stack has less than 1% performance overhead. An isolated shadow stack implemented by leveraging SealPK is 80X faster than an isolated implementation using mprotect, and FlexFilt incurs negligible performance overhead for filtering instructions.
When: 2:00 pm to 4:00 pm on Friday, March 26, 2021
Location: https://bostonu.zoom.us/j/93701091305?pwd=THdPR3phTCs4ejlaOEZRV21oMFJNdz09