P16_20: Leveraging Hardware Isolation for Secure Execution of Safety-Critical Applications in Distributed Embedded Systems
Topic Areas: Electronic HW and systems security, HW and system security at all levels of abstraction
Principal investigator: Dr. Omer Khan, University of Connecticut
Domain-specific hardware is thriving, and much attention is devoted to building distributed embedded systems using commercial off-the-shelf (COTS) components, such as microprocessors, FPGAs, or even customized systems-on-chip. These systems allow concurrent execution of applications that spatio-temporally share hardware resources for efficiency. However, sharing leaves hardware vulnerable to security attacks, since the execution footprint of applications can leave measurable side effects in shared hardware resources, such as communication networks. The recent hardware state attacks on commercial Intel processors have shown that this behavior can be exploited to expose information that is otherwise inaccessible or not directly visible in the system state. In a typical scenario, the attacker either indirectly or directly pollutes a shared resource by forcing execution on privileged or private data, leaving a side-channel trail that an adversarial application can use to infer the secret value(s). Many attack variations have been demonstrated, including arbitrary exposure of the memory values of security-critical processes to an unprivileged attacker. This makes hardware sharing a dangerous open attack vector on modern distributed embedded systems. The objective of this project is to explore hardware isolation principles to limit resource-sharing interference, leading to reduced information leakage while maintaining superior system performance.