6 888 secure hardware design
play

6.888 Secure Hardware Design Mengjia Yan Fall 2020 Todays Agenda - PowerPoint PPT Presentation

Nov 07, 2022 •189 likes •910 views

6.888 Secure Hardware Design Mengjia Yan Fall 2020 Todays Agenda Introduce yourself Logistics Course Overview 6.888 - L1 Introduction 2 Introduce Yourself Course Logistics Basic Administrivia Website: Instructor:

  1. 6.888 Secure Hardware Design Mengjia Yan Fall 2020

  2. Today’s Agenda • Introduce yourself • Logistics • Course Overview 6.888 - L1 Introduction 2

  3. Introduce Yourself

  4. Course Logistics

  5. Basic Administrivia • Website: • Instructor: http://csg.csail.mit.edu/6.888Yan/ • Mengjia Yan <mengjia@csail.mit.edu> • Paper readings • Syllabus • TA: • Assignments • Miles Dai <milesdai@mit.edu> • Piazza: • Mailing List: • Announcements • 6888-fa20-staff@csail.mit.edu • Discussions • HotCRP: Submit paper reviews • Canvas: Submit project proposals & reports 6.888 - L1 Introduction 5

  6. Course Website 6.888 - L1 Introduction 6

  7. Pre-requisites and Recommendation • Pre-requisite: • Basic computation structure course (6.004) • Recommended but not required • System security and software security courses (6.858, 6.857) • Advanced computer architecture course (6.823) • Basic applied cryptography (6.875) 6.888 - L1 Logistics 7

  8. Assignments and Grading • Paper reviews (2 papers/week) - 25% • 500 word summary + 1-2 discussion questions • Seminars - 15% • Discussion lead for 1-2 papers - 10% • Participation - 5% • Lab assignments - 15% • Research project - 50% • Proposal – 10% • Weekly report + Checkpoint – 10% • Final report – 15% • Final presentation – 15% 6.888 - L1 Logistics 8

  9. Seminar Format • Every student will write a review for each paper • 500 word summary, comments on pros and cons, and key takeaways • 1-2 discussion questions • Due @midnight before each class • Submit via HotCRP (visible after the due time) • Each paper will have one student as the lead presenter • ~45 min presentation: A good opportunity to practice presentation skills • Send slides to me 24 hours before the lecture • Design a poll question • I may invite the authors of the paper to attend the presentation (opportunities to ask questions that only the authors can answer) 6.888 - L1 Logistics 9

  10. Presentation Format • Background and Motivation • Threat Model • Key technical ideas ( insights ), main contributions • Strengths/Weaknesses • Directions for future work • Several questions for discussion 6.888 - L1 Introduction 10

  11. Lab Assignments (3.5 weeks) • Team of 2 persons 1) Dead drop: Build a communication channel via hardware resource contention 2) Capture the flag: Steal a secret via hardware resource contention • Opportunities to turn into final projects 6.888 - L1 Logistics 11

  12. Dead Drop • Communicate via hardware resource contention 6.888 - L1 Logistics 12

  13. Dead Drop • Communicate via hardware resource contention #ways #sets Cache 6.888 - L1 Logistics 12

  14. Dead Drop • Communicate via hardware resource contention #ways Receiver Sender #sets Cache 6.888 - L1 Logistics 12

  15. Dead Drop • Communicate via hardware resource contention #ways Receiver Sender #sets if (send “1”): fill the cache else: idle Cache 6.888 - L1 Logistics 12

  16. Dead Drop • Communicate via hardware resource contention #ways Receiver Sender #sets T = time(access cache) if (send “1”): if (T > Threshold): fill the cache receive “1” else: else: idle receive “0” Cache 6.888 - L1 Logistics 12

  17. Dead Drop • Communicate via hardware resource contention #ways Receiver Sender #sets T = time(access cache) if (send “1”): if (T > Threshold): fill the cache receive “1” else: else: idle receive “0” Cache 6.888 - L1 Logistics 12

  18. Dead Drop • Communicate via hardware resource contention #ways Receiver Sender #sets T = time(access cache) if (send “1”): if (T > Threshold): fill the cache receive “1” else: else: idle receive “0” Cache 6.888 - L1 Logistics 12

  19. Dead Drop • Communicate via hardware resource contention #ways Receiver Sender #sets T = time(access cache) if (send “1”): if (T > Threshold): fill the cache receive “1” else: else: idle receive “0” Cache 6.888 - L1 Logistics 12

  20. Dead Drop • Communicate via hardware resource contention #ways Receiver Sender #sets T = time(access cache) if (send “1”): if (T > Threshold): fill the cache receive “1” else: else: idle receive “0” Cache 6.888 - L1 Logistics 12

  21. Capture the Flag • Steal secrets via hardware resource contention #ways Attacker Victim #sets Cache 6.888 - L1 Logistics 13

  22. Capture the Flag • Steal secrets via hardware resource contention #ways Attacker Victim #sets secret in {0,….,127} Fill a cache set whose set index = secret Cache 6.888 - L1 Logistics 13

  23. Capture the Flag • Steal secrets via hardware resource contention #ways Attacker Victim #sets T = time(access cache set x) secret in {0,….,127} if (T > Threshold): secret = x Fill a cache set whose else: set index = secret check a different set Cache 6.888 - L1 Logistics 13

  24. Final Project (8 weeks) • Original research project • Solo or 2 person groups • Deliverables • Proposal (schedule pre-proposal meetings with me) • Weekly report (short and informal) + Checkpoint (5 min presentation) • Final report + Final presentation • Open-ended topics • Must have some hardware security angle 6.888 - L1 Logistics 14

  25. Hardware Security: The Evil and The Good • Attack modern processors • To thoroughly understand HW vulnerabilities 6.888 - L1 Introduction 15

  26. Hardware Security: The Evil and The Good • Attack modern processors • Secure computation on HW • To thoroughly understand HW • e.g., data oblivious abstraction, enclave vulnerabilities abstraction 6.888 - L1 Introduction 15

  27. Course Project Examples {Attacks, Defenses} x {Theory, Practice} • Attack + Practice • Discover an exploit in existing processors or existing applications • Attack + Theory • What architectural principles fundamentally leak what degree of privacy • Defense + Practice • Mitigate an existing threat using SW/HW • Defense + Theory • Mitigate broad classes of present+future threats 6.888 - L1 Introduction 16

  28. Collaboration Policy and Warning • Discussions are always encouraged. • You should carefully acknowledge all contributions of ideas by others, whether from classmates or from sources you have read. • MIT academic integrity guidelines 6.888 - L1 Introduction 17

  29. Warning • Please don’t attack other people’s computers or information without their prior permission. • MIT network rules 6.888 - L1 Introduction 18

  30. TODO Today • Check the paper list on http://csg.csail.mit.edu/6.888Yan/schedule.html • Fill the google form https://forms.gle/G6gh6sEYJ4UY24ePA • your background/interests (e.g., microarchitecture, theoretical crypto, system security) • Top 5 papers that you would like to present 6.888 - L1 Logistics 19

  31. Course Overview

  32. Why Hardware Security? User application Host operating system/Hypervisor Hardware Computing Systems 6.888 - L1 Introduction 21

  33. Why Hardware Security? User application Host operating system/Hypervisor Trusted Computing Base (TCB) Hardware Computing Systems 6.888 - L1 Introduction 21

  34. Why Hardware Security? • What is the interface between SW and HW? User application Host operating system/Hypervisor Trusted Computing Base (TCB) Hardware Computing Systems 6.888 - L1 Introduction 21

  35. Why Hardware Security TODAY? E.g, after Spectre and Meltdown User application Host operating system/Hypervisor Hardware Computing Systems 6.888 - L1 Introduction 22

  36. Why Hardware Security TODAY? E.g, after Spectre and Meltdown User application Host operating system/Hypervisor Hardware Open the Pandora’s box Computing Systems 6.888 - L1 Introduction 22

  37. Why Hardware Security TODAY? E.g, after Spectre and Meltdown User application Host operating system/Hypervisor Insufficient ISA Hardware Open the Pandora’s box Computing Systems 6.888 - L1 Introduction 22

  38. Preview of Modules/Topics • Introduction 1) Micro-architecture Side Channel 2) Enclaves 3) Opensource Hardware and Verification 4) Physical Side Channels 5) Memory Safety 6.888 - L1 Introduction 23

  39. Introduction • Commercial processor architectures that include security features: • LPAR in IBM mainframes (1970s) • IBM 4758 (2000s) • ARM TrustZone (2000s) • Intel TXT & TPM module (2000s) • Intel SGX (mid 2010s) • AMD SEV (late 2010s) 6.888 - L1 Introduction 24

  40. Micro-architecture Side Channels A Channel (a micro-architecture structure) Victim Attacker [*] Kiriansky et al. DAWG: a defense against cache timing attacks in speculative execution processors. MICRO’18 6.888 - L1 Introduction 25

  41. Micro-architecture Side Channels Access cache set [secret] A Channel (a micro-architecture structure) Victim Attacker [*] Kiriansky et al. DAWG: a defense against cache timing attacks in speculative execution processors. MICRO’18 6.888 - L1 Introduction 25

  42. Micro-architecture Side Channels Access cache set [secret] secret-dependent execution A Channel (a micro-architecture structure) Victim Attacker [*] Kiriansky et al. DAWG: a defense against cache timing attacks in speculative execution processors. MICRO’18 6.888 - L1 Introduction 25

Recommend

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical &amp; Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Moving Hardware from Security through Obscurity to Secure by Design Profe fess ssor

Moving Hardware from Security through Obscurity to Secure by Design Profe fess ssor

Moving Hardware from Security through Obscurity to Secure by Design Profe fess ssor or Ryan Kastner er Dept. of Computer ter Science e and Engineer ineering ing Unive vers rsity ity of Californi ornia, a, San Diego

743 views • 41 slides
software and hardware for the Internet of Things. Choose hardware Design hardware Design

software and hardware for the Internet of Things. Choose hardware Design hardware Design

Zeidman Technologies has created a fundamentally new way to develop embedded software and hardware for the Internet of Things. Choose hardware Design hardware Design software Initial hardware choices determine Integrate functionality and

185 views • 15 slides
Bricks and Tools for Secure Hardware Implementations Francesco Regazzoni Francesco Regazzoni 06

Bricks and Tools for Secure Hardware Implementations Francesco Regazzoni Francesco Regazzoni 06

Bricks and Tools for Secure Hardware Implementations Francesco Regazzoni Francesco Regazzoni 06 June 2014, ibenik, Croatia P. 1 Why Electronic Design Automation? Surely the purpose of science is to ease human hardship Galileo,

846 views • 82 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
Hardware Design with VHDL Course Introduction ECE 443 Hardware Design with VHDL Instructor:

Hardware Design with VHDL Course Introduction ECE 443 Hardware Design with VHDL Instructor:

Hardware Design with VHDL Course Introduction ECE 443 Hardware Design with VHDL Instructor: Prof. Jim Plusquellic Text: RTL Harware Design Using VHDL: Coding for Efficiency, Portability, and Scalabil- ity, Pong P. Chu, ISBN-13:

482 views • 10 slides
Hardware Design with VHDL Course Introduction ECE 443 Hardware Design with VHDL Instructors:

Hardware Design with VHDL Course Introduction ECE 443 Hardware Design with VHDL Instructors:

Hardware Design with VHDL Course Introduction ECE 443 Hardware Design with VHDL Instructors: ECE: Jim Plusquellic FMAC: Craig Kief and Steve Suddarth Text: FPGA Prototyping By VHDL Examples, Xilinx Spartan-3 Version, Pong P. Chu, ISBN:

124 views • 8 slides
Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1 OReilly 2 Trusted or Trustworthy? An object is trusted if and only if it operates as expected An object is trustworthy if and only if it is

707 views • 45 slides
CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven,

CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven,

9/9/2012 CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven, ESAT/SCD-COSIC CHES 2012 Crypto hardware 9/9/2012 CHES Tutorial: Crypto hardware design 3 1 9/9/2012 Smart card SoC (NXP P60C080)

826 views • 54 slides
Hardware Design for Cryptographers P . Schaumont Bradley Department of Electrical and Computer

Hardware Design for Cryptographers P . Schaumont Bradley Department of Electrical and Computer

Hardware-oriented Specification Hardware Circuits Hardware Description in C Hardware Design for Cryptographers P . Schaumont Bradley Department of Electrical and Computer Engineering Virginia Tech Blacksburg, VA Design and Security of

1.01k views • 63 slides
Flexible Hardware Design at Flexible Hardware Design at Low Levels of Abstraction Low Levels of

Flexible Hardware Design at Flexible Hardware Design at Low Levels of Abstraction Low Levels of

Flexible Hardware Design at Flexible Hardware Design at Low Levels of Abstraction Low Levels of Abstraction Emil Axelsson Hardware Description and Verification May 2009 Why low-level? Why low-level? Related question: Why is some software

908 views • 51 slides
The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve Weingart Senior Engineer (561) 392 6100 c1shw@us.ibm.com Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY 4758 PCI

386 views • 11 slides
Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL TIEMPO S.A.S. December 3, 2019 1 Outline Connected Objects Securing IoT with a hardware Secure Element Introduction Securing Treats

537 views • 10 slides
LibreCores Free and Open Digital Hardware Requirements Design Implementation Hardware

LibreCores Free and Open Digital Hardware Requirements Design Implementation Hardware

Digital hardware design What can we learn from software development and what not? Philipp Wagner @ FOSDEM 2017 LibreCores Free and Open Digital Hardware Requirements Design Implementation Hardware Verification Development Maintenance

523 views • 23 slides
Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris

Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris

Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon University* 1 Secure Remote

356 views • 21 slides
CTA Design Study CTA Design Study - Swiss Hardware Contributions - Swiss Hardware Contributions

CTA Design Study CTA Design Study - Swiss Hardware Contributions - Swiss Hardware Contributions

CTA Design Study CTA Design Study - Swiss Hardware Contributions - Swiss Hardware Contributions Isabel Braun Insttut for Partcle Physics, ETH Zrich CHIPP Plenary Meeting 2009, Appenberg Participating Institutes Participating Institutes

442 views • 16 slides
Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April 2014 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 2/ 56 Secure Hardware History Military: WW2 Enigma machines - captured

667 views • 56 slides
Efficiency and agility: in secure hardware and in life! Nele Mentens KU Leuven, ESAT, imec-COSIC

Efficiency and agility: in secure hardware and in life! Nele Mentens KU Leuven, ESAT, imec-COSIC

Efficiency and agility: in secure hardware and in life! Nele Mentens KU Leuven, ESAT, imec-COSIC and ES&amp;S nele.mentens@kuleuven.be High-Tech Women, TU Darmstadt, March 4, 2020 Motivation Secure hardware: Why? What? How? High-Tech Women,

1.81k views • 89 slides
Language (HDL) Hardware Design Language 1987 About Technolution and me Technolution

Language (HDL) Hardware Design Language 1987 About Technolution and me Technolution

/ the right development Hardware Design Language (HDL) Hardware Design Language 1987 About Technolution and me Technolution Developer and supplier of working systems and products Gideon Zweijtzer System Architect Expertise:

544 views • 21 slides
Secure by Design

Secure by Design

Secure by Design Jason Yang Secure by Design

496 views • 33 slides
hocos SLT Programs hardware-oriented computer science Why This Presentation? Lectures must

hocos SLT Programs hardware-oriented computer science Why This Presentation? Lectures must

Steganography for Our Research Hardware Security DeepFake Detection Foci and Your Secure Opportunities Memristive Composition Cryptography Fault attacks and Ilia Polian Stochastic countermeasures Hardware-oriented Computer Science

706 views • 24 slides
Hardware Design with VHDL Sequential Circuit Design II ECE 443 Sequential Circuit Design:

Hardware Design with VHDL Sequential Circuit Design II ECE 443 Sequential Circuit Design:

Hardware Design with VHDL Sequential Circuit Design II ECE 443 Sequential Circuit Design: Practice Topics Poor design practice More counters Register as fast temporary storage Pipelining Synchronous design is the most

875 views • 75 slides
Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating

Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating

Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating System Security Data and process are directly visible Application security can be circumvented from lower layers = &gt; good scope

103 views • 8 slides
CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of f the Common Principles Minimize attack Secure by surface area Default Principle of Fail-Safe Least Stance Privilege Secure the

975 views • 56 slides

More recommend