The Security Project
Containment-based Security (Trustguard)Software security techniques rely on correct execution by the hardware. Securing hardware components has been challenging due to their complexity and the proportionate attack surface they present during their design, manufacturing, deployment, and operation. Recognizing that external communication represents one of the greatest threats to a system’s security, this paper introduces the TrustGuard architecture, centered on a relatively simple and pluggable gatekeeping component, called the Sentry. In TrustGuard, the Sentry bridges a physical gap between the untrusted system and its external interfaces. TrustGuard allows only communication resulting from correct execution of trusted software, thereby preventing the ill effects of actions by malicious hardware or software from leaving the system. The simplicity and pluggability of the Sentry, which is implemented in less than half the lines of code of a simple in order processor, enables suppliers and consumers to take additional measures to secure this root of trust, including formal verification, supervised manufacture, and supply chain diversification with minimal impact on performance.
User-Centric Information Flow Security (UCIFS)Even as modern computing systems allow the manipulation and distribution of massive amounts of information, users of these systems are unable to manage the confidentiality of their data in a practical manner. Conventional access control security mechanisms cannot prevent the illegitimate use of privileged data once access is granted. For example, information provided by a user during an online purchase may be covertly delivered to malicious third parties by an untrustworthy web browser. Previous information-flow security mechanisms did provide this assurance, but only for programmer-specified policies enforced during program development. Furthermore, these policies could only be applied as a static analysis on special-purpose type-safe languages. Not only are these techniques not applicable to many commonly used programs, but they leave the user and their data with no defense against malicious programmers or altered binaries.
In order to address this problem, we proposed RIFLE, the first user-centric information flow security (UCIFS) framework. By addressing information-flow security at run-time, RIFLE provides users with a practical way to enforce their own information-flow security policies on all programs. We proved, contrary to statements in existing literature, that UCIFS systems are no less secure than their language-based counterparts. Using RIFLE, we showed that UCIFS works in practice with a reasonable performance cost, revealing existing properties of existing programs, such as thttpd and PGP.
The SPARCHS ProjectCurrent research in security mostly follows a top-down layered approach, where the most exposed layers (such as the network or application layers) are first considered for security, under the assumption that the lower layers are secure. The lower layers are considered only when new threats appear at those layers. Thus, every security mechanism that mitigates a threat at a particular layer, can be circumvented by attacking a vulnerability in a lower layer. The SPARCHS project considers a new computer systems design methodology that treats security as a first-order design requirement, alongside traditional requirements such as speed, programmability, usability, and power/energy efficiency. The chief insight in this approach is to push security mechanisms down to the hardware, which is the lowest layer in a computer system. We take inspiration from concepts in biological defense systems, and aim to provide hardware support to mimic the following biological primitives: (1) Innate immunity for threat detection and isolation, (2) Diversity and polymorphism for attack prevention, (3) Symbiotic Immunity for implementing protection and detection techniques, (4) Adaptive Immunity for attack prevention, (5) Optimized redundant execution for continued execution in the face of an attack, and (6) Autotomy to contain damage when all else fails.
All Project Publications
Architectural Support for Containment-based Security [abstract] (PDF)
A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware [abstract] (PDF)
The SPARCHS Project: Hardware Support for Software Security [abstract] (PDF)
Extracting Secret Keys from Integrated Circuits [abstract] (IEEE Xplore, PDF)
RIFLE: An Architectural Framework for User-Centric Information-Flow Security [abstract] (ACM DL, PDF)
Secure Program Execution via Dynamic Information Flow Tracking [abstract] (ACM DL, PDF)
A Technique to Build a Secret Key in Integrated Circuits for Identification and Authentication Applications [abstract] (IEEE Xplore, PDF)