In this talk, I will propose and describe a new design principle for security: the hardware-up principle. Hardware-up security means that systems should be secured starting from hardware instead of the existing popular approach where software layers are secured, assuming that the lower layers are secure even when they are not. I will discuss how systems designed for security from hardware-up offer unique advantages unavailable in current protection systems: a smaller attack surface, energy-efficient execution, and the ability to reason about security compositionally.
I will illustrate hardware-up benefits through three case studies.
For the first hardware-up case study, I will discuss how we can prevent attackers from taking advantage of unintentional hardware design flaws. Taking microarchitectural side channels as an example, I will discuss a new methodology that computer architects can use to reason micro architectural side-channels at processor design time.
Attackers can also intentionally weaken hardware to break systems. In the second case study, I will discuss how hardware itself can be created in a manner that provides assurance that its security has not been compromised due to design-time backdoors. I will describe our technique for silencing backdoors and a prototype built using this technique that incurs less than 8% area overhead and negligible performance overheads.
Finally, I will describe a hardware malware detector, a first of its kind, that is vastly simpler to implement compared to a traditional software malware detector.
Case study 1: SVF: http://www.cs.columbia.edu/~simha/preprint_isca12_svf.pdf
Case study 2: Hardware Backdoors: http://www.cs.columbia.edu/~simha/preprint_oakland11.pdf
Case study 3: Malware Detector: http://www.cs.columbia.edu/~simha/preprint_isca13_malware.pdf
Simha Sethumadhavan is an Associate Professor of Computer Science at Columbia University. Simha's research interests are in hardware security and energy-efficient computing. He is the principal investigator on the DARPA SPARCHS project at Columbia University. The goal of the project is to discover how systems should be designed if security was a first order design requirement in addition to the traditional requirements like power/performance etc. He has been recognized with an Alfred P Sloan Fellowship (2013), NSF CAREER award (2011), two IEEE Micro “top pick” awards (2004, 2013) and a graduate teaching award (2006). He obtained his PhD from UT Austin in 2007.