In this talk, I will describe a new design principle for security: the hardware-up principle. Hardware-up security means that systems should be secured starting from hardware instead of the existing popular approach where software layers are secured, assuming that the lower layers are secure when they are not. I will discuss how systems designed for security from hardware-up offer unique advantages unavailable in current protection systems: a smaller attack surface, energy-efficient execution, and the ability to reason about security compositionally. I will illustrate hardware-up benefits through two case studies. For the first hardware-up case study, I will discuss how we can prevent attackers from taking advantage of unintentional hardware design flaws. Taking microarchitectural side channels as an example, I will discuss a new methodology that computer architects can use to reason micro architectural side-channels at processor design time. Attackers can also intentionally weaken hardware to break systems. In the second case study, I will discuss how hardware itself can be created in a manner that provides assurance that its security has not been compromised due to design-time backdoors. I will describe the first static analysis tool for detecting hardware backdoors and our technique for silencing backdoors. I will mention a prototype built using our technique that incurs less than 8% area overhead and negligible performance overheads. Finally, time permitting, I will describe a hardware malware detector, a first of its kind, that is vastly simpler to implement compared to a traditional software malware detector.
Share via
Copy link
Powered by Social Snap