Front Page

The Liberty Research Group

The Security Project

Containment-based Security (Trustguard)

Software security techniques rely on correct execution by the hardware. Securing hardware components has been challenging due to their complexity and the proportionate attack surface they present during their design, manufacturing, deployment, and operation. Recognizing that external communication represents one of the greatest threats to a system’s security, this paper introduces the TrustGuard architecture, centered on a relatively simple and pluggable gatekeeping component, called the Sentry. In TrustGuard, the Sentry bridges a physical gap between the untrusted system and its external interfaces. TrustGuard allows only communication resulting from correct execution of trusted software, thereby preventing the ill effects of actions by malicious hardware or software from leaving the system. The simplicity and pluggability of the Sentry, which is implemented in less than half the lines of code of a simple in order processor, enables suppliers and consumers to take additional measures to secure this root of trust, including formal verification, supervised manufacture, and supply chain diversification with minimal impact on performance.

User-Centric Information Flow Security (UCIFS)

Even as modern computing systems allow the manipulation and distribution of massive amounts of information, users of these systems are unable to manage the confidentiality of their data in a practical manner. Conventional access control security mechanisms cannot prevent the illegitimate use of privileged data once access is granted. For example, information provided by a user during an online purchase may be covertly delivered to malicious third parties by an untrustworthy web browser. Previous information-flow security mechanisms did provide this assurance, but only for programmer-specified policies enforced during program development. Furthermore, these policies could only be applied as a static analysis on special-purpose type-safe languages. Not only are these techniques not applicable to many commonly used programs, but they leave the user and their data with no defense against malicious programmers or altered binaries.

In order to address this problem, we proposed RIFLE, the first user-centric information flow security (UCIFS) framework. By addressing information-flow security at run-time, RIFLE provides users with a practical way to enforce their own information-flow security policies on all programs. We proved, contrary to statements in existing literature, that UCIFS systems are no less secure than their language-based counterparts. Using RIFLE, we showed that UCIFS works in practice with a reasonable performance cost, revealing existing properties of existing programs, such as thttpd and PGP.

The SPARCHS Project

Current research in security mostly follows a top-down layered approach, where the most exposed layers (such as the network or application layers) are first considered for security, under the assumption that the lower layers are secure. The lower layers are considered only when new threats appear at those layers. Thus, every security mechanism that mitigates a threat at a particular layer, can be circumvented by attacking a vulnerability in a lower layer. The SPARCHS project considers a new computer systems design methodology that treats security as a first-order design requirement, alongside traditional requirements such as speed, programmability, usability, and power/energy efficiency. The chief insight in this approach is to push security mechanisms down to the hardware, which is the lowest layer in a computer system. We take inspiration from concepts in biological defense systems, and aim to provide hardware support to mimic the following biological primitives: (1) Innate immunity for threat detection and isolation, (2) Diversity and polymorphism for attack prevention, (3) Symbiotic Immunity for implementing protection and detection techniques, (4) Adaptive Immunity for attack prevention, (5) Optimized redundant execution for continued execution in the face of an attack, and (6) Autotomy to contain damage when all else fails.

All Project Publications

Architectural Support for Containment-based Security [abstract] (PDF)
Hansen Zhang, Soumyadeep Ghosh, Jordan Fix, Sotiris Apostolakis, Stephen R. Beard, Nayana P. Nagendra, Taewook Oh, and David I. August
Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), April 2019.
Accept Rate: 21% (74/350).

TrustGuard: A Model for Practical Trust in Real Systems [abstract] (PDF)
Stephen R. Beard
Ph.D. Thesis, Department of Computer Science, Princeton University, 2019.

TrustGuard: A Containment Architecture with Verified Output [abstract] (PDF)
Soumyadeep Ghosh
Ph.D. Thesis, Department of Computer Science, Princeton University, 2017.

A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware [abstract] (PDF)
Kangkook Jee, Georgios Portokalidis, Vasileios P. Kemerlis, Soumyadeep Ghosh, David I. August, and Angelos D. Keromytis
Proceedings of the 19th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (NDSS), February 2012.
Accept Rate: 17% (46/258).

The SPARCHS Project: Hardware Support for Software Security [abstract] (PDF)
Simha Sethumadhavan, Salvatore J. Stolfo, Angelos D. Keromytis, Junfeng Yang, and David I. August
Proceedings of the First SysSec Workshop (SYSSEC), July 2011.

Extracting Secret Keys from Integrated Circuits [abstract] (IEEE Xplore, PDF)
Daihyun Lim, Jae W. Lee, Blaise Gassend, G. Edward Suh, Marten van Dijk, and Srinivas Devadas
IEEE Transactions on VLSI Systems (TVLSI), October 2005.

RIFLE: An Architectural Framework for User-Centric Information-Flow Security [abstract] (ACM DL, PDF)
Neil Vachharajani, Matthew J. Bridges, Jonathan Chang, Ram Rangan, Guilherme Ottoni, Jason A. Blome, George A. Reis, Manish Vachharajani, and David I. August
Proceedings of the 37th International Symposium on Microarchitecture (MICRO), December 2004.
Accept Rate: 18% (29/158).

Secure Program Execution via Dynamic Information Flow Tracking [abstract] (ACM DL, PDF)
G. Edward Suh, Jae W. Lee, David Zhang, and Srinivas Devadas
Proceedings of the 11th ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS), October 2004.
Accept Rate: 14% (24/169).

A Technique to Build a Secret Key in Integrated Circuits for Identification and Authentication Applications [abstract] (IEEE Xplore, PDF)
Jae W. Lee, Daihyun Lim, Blaise Gassend, G. Edward Suh, Marten van Dijk, and Srinivas Devadas
Proceedings of the 2004 IEEE Symposium on VLSI Circuits (VLSI), June 2004.
Accept Rate: 32% (108/329).