CS 6501/4501: Hardware Security

Meeting Time/Location: Tu/Th 2pm-3:30pm @ Olsson 011
The goal of this course is to investigate modern architectures for security flaws, craft exploits on real machines, and explore novel security-aware architectures. The course is highly research-oriented and entails a survey of state-of-the-art literature and in-class brainstorming of ideas and experiments. By taking this course, students will:
  • become conversant with security issues that plague the modern semiconductor industry, and understand state-of-the-art defense mechanisms,
  • learn how to craft attacks that exploit security vulnerabilities in modern processors,
  • identify new security vulnerabilities and/or motivate new solutions to existing attacks,
  • gain experience working on a research project with active mentorship.

This course is highly exploratory and cross-disciplinary in nature. While our general theme will be hardware security, we will explore topics that span multiple disciplines of computer science, including, but not limited to, machine learning (e.g., perceptron predictors, adversarial learning), programming languages (e.g., program analysis, dynamic code instrumentation), and software engineering (e.g., formal verification). In fact, a prior offering of this course has produced two top-tier publications at the intersection of programming languages, computer networks, architecture, and security.

Textbook:
Other (frequently referenced) online resources:

Contact

We will use Piazza as our class forum, and our primary mode of communication outside of class. All general inquiries must be made on Piazza. For group-specific questions or private questions, you can either email me or post a private question on Piazza.

Instructor:
    Ashish Venkat (email: <lastname>@virginia.edu)
    Office Hours: By appointment.

Prerequisites

This is a research seminar course -- we will be exploring advanced topics in architecture and security. All graduate students are welcome to enroll. Third- and fourth-year undergraduate students interested in enrolling should meet a minimum prerequisite requirement of having taken the undergraduate computer architecture course CS 3330 or equivalent. Graduate students who focus on other complementary CS disciplines are encouraged to enroll, but are expected to pick up relevant architecture background as we progress through the course. This course will satisfy breadth requirements under the "Computer Systems" and "Computer Security" categories.

Useful resources to pick up architecture background:
  • Graduate Architecture Textbook: Hennessy and Patterson, "Computer Architecture: A Quantitative Approach"
  • Undergraduate Architecture Textbook: Patterson and Hennessy, "Computer Organization and Design: the Hardware/Software Interface"

Grading

The grading breakdown for this course is:

If you are an undergraduate student, you are required to present fewer research papers. In addition, you are allowed to work in groups of 3-4 students for the course project. The grading breakdown for undergraduate students is as follows. We will NOT use an absolute grading scale for this course. Your final grades will be assigned based on your overall performance, relative to the class average.

Course Project

You will be choosing one of several research projects that I’ve identified. I will provide enough background for each of these projects (including an abstract and an initial reading list) and will meet with each group every week, to ensure that you’re on track. You are more than welcome to suggest your own topic for the project as long as you convince me of its novelty and relevance. More details will appear on Piazza for enrolled students.

There will be five milestones for the course project documenting related work, design mechanisms, and your experimental findings. Links to milestone requirements and grading criteria:

Guidelines and Policies:
  • All students in the group will receive the same grade. In addition, each individual member will be given a chance to evaluate other members of the group at every milestone of the project.
  • All milestone reports are to be turned in electronically at 11:59pm Eastern Time.
  • Milestone reports are to be typeset in LaTeX using the ISCA 2020 template.
  • Late reports are not encouraged, but will be accepted with a flat 10% (of the maximum score) penalty, until two days after the report is due. Reports submitted later than that will not be accepted.

Schedule

Date Topic Discussion Lead(s)
Jan 19 Introduction, Motivation, and Course Logistics Venkat
Jan 24 Brief Review of Modern Processors
Reading:
Chapters 1 and 2 from Processor Microarchitecture: An Implementation Perspective
Chapters 2.3, 2.2, and 2.1 from Intel® 64 and IA-32 Architectures Optimization Reference Manual in that order.
Venkat
Jan 26 Fundamentals of Computer Security
Reading: Chapters 2.1-2.3
Section 1 from The Protection of Information in Computer Systems, IEEE 1975
Venkat
Jan 31 Capabilities and Access Control
Reading:
Section 2 from The Protection of Information in Computer Systems, IEEE 1975
SoK: Sanitizing for Security, S&P 2019
The CHERI capability model: Revisiting RISC in an age of risk, ISCA 2014
Venkat
Feb 2 Side and Covert Channels-1
Reading: Chapter 8
A Note on the Confinement Problem, CACM 1973
Covert and Side Channels due to Processor Architecture, ACSAC 2006
Last-Level Cache Side-Channel Attacks are Practical, IEEE S&P 2015
Venkat
Feb 7 Side and Covert Channels-2
Reading:
New cache designs for thwarting software cache-based side channel attacks, ISCA 2007
BranchScope: A New Side-Channel Attack on Directional Branch Predictor, ASPLOS 2018
Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR, MICRO 2016
Venkat
Feb 9 Transient Execution Attacks
Reading: Chapters 3.2-3.3
Spectre Attacks: Exploiting Speculative Execution, S&P 2019
The Evolution of Transient-Execution Attacks, GLVLSI 2020
Venkat
Feb 14 Transient Execution Attack Mitigations
Reading:
Evolution of Defenses against Transient-Execution Attacks, GLVLSI 2020
InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy, MICRO 2018
Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization, ASPLOS 2019
CleanupSpec: An "Undo" Approach to Safe Speculation, MICRO 2019
Venkat
Feb 16 Information-Flow Tracking-1
Reading:
Secure Program Execution via Dynamic Information Flow Tracking, ASPLOS 2004
Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data, MICRO 2019
Venkat
Feb 21 Information-Flow Tracking-2
Reading:
A Hardware Design Language for Timing-Sensitive Information-Flow Security, ASPLOS 2015
Venkat
Feb 23 Trusted Execution Environments
Reading:
AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing, ICS 2003
Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems, S&P 2015
Venkat
Feb 28 Supply Chain Security
Reading:
A2: Analog Malicious Hardware, S&P 2016
FANCI: Identification of Stealthy Malicious Logic Using Boolean Functional Analysis, CCS 2013
Venkat
Mar 14 Project Feasibility Study Brainstorming
Venkat
Mar 16 Attack Detection and Temperature Side-Effects
Kalita and Mathur
Mar 21 Performance Degradation Attacks and Silencing Backdoors
Lue and Krishnan Murali
Mar 23 Microarchitectural Data Sampling, aEPIC Attacks, Indistinguishability
Kiran
Mar 28 The Challenges, Perils, and Pitfalls of using Hardware Performance Counters for Security
Kalita
Mar 30 Physical and other unconventional Disclosure Methods
Yang and Hail
Apr 4 TBD
Yang and Kiran
Apr 6 TBD
Yang and Hildebrand
Apr 11 TBD
Lue and Hail
Apr 18 TBD
Hildebrand and Krishnan Murali
Apr 20 TBD
Mathur
Apr 27 TBD
Upadhyay and Krishnan Murali
May 2 TBD
Upadhyay

Honor Code

I trust every student in this course to fully abide by the University's Honor Code and pledge to not commit academic fraud. You are allowed to discuss, collaborate, and brainstorm both within and outside your group. You're also free to look up and use source code/tools on the internet with appropriate citations. However, you're not allowed to plagiarize text from another student's assignment or from the internet, and/or falsify data. Cheating will be taken seriously and will be reported to the Honor Committee. All suspected honor violations will receive an immediate zero on that assignment regardless of any action taken by the Honor Committee.

Please let me know if you have any questions regarding the course Honor policy. If you believe you may have committed an Honor Offense, you may wish to file a Conscientious Retraction by calling the Honor Offices at (434) 924-7602. For your retraction to be considered valid, it must, among other things, be filed with the Honor Committee before you are aware that the act in question has come under suspicion by anyone. More information can be found here. Your Honor representatives can be found at this link.

Learning Accommodations

    Students with disabilities or learning needs
    It is my goal to create a learning experience that is as accessible as possible. If you anticipate any issues related to the format, materials, or requirements of this course, please meet with me outside of class so we can explore potential options. Students with disabilities may also wish to work with the Student Disability Access Center to discuss a range of options for removing barriers in this course, including official accommodations. Please visit their website for information on this process and to apply for services online. If you have already been approved for accommodations through SDAC, please send me your accommodation letter and meet with me so we can develop an implementation plan together.

    Discrimination and power-based violence
    The University of Virginia is dedicated to providing a safe and equitable learning environment for all students. To that end, it is vital that you know two values that I and the University hold as critically important:
    1. Power-based personal violence will not be tolerated.
    2. Everyone has a responsibility to do their part to maintain a safe community on Grounds.
    If you or someone you know has been affected by power-based personal violence, more information can be found on the UVA Sexual Violence website that describes reporting options and resources available.
      As your professor and as a person, know that I care about you and your well-being and stand ready to provide support and resources as I can. As a faculty member, I am a responsible employee, which means that I am required by University policy and federal law to report what you tell me to the University's Title IX Coordinator. The Title IX Coordinator's job is to ensure that the reporting student receives the resources and support that they need, while also reviewing the information presented to determine whether further action is necessary to ensure survivor safety and the safety of the University community. If you wish to report something that you have seen, you can do so at the Just Report It portal. The worst possible situation would be for you or your friend to remain silent when there are so many here willing and able to help.

      Religious accommodations
      It is the University's long-standing policy and practice to reasonably accommodate students so that they do not experience an adverse academic consequence when sincerely held religious beliefs or observances conflict with academic requirements. Students who wish to request academic accommodation for a religious observance should submit their request in writing directly to me as far in advance as possible. Students who have questions or concerns about academic accommodations for religious observance or religious beliefs may contact the University’s Office for Equal Opportunity and Civil Rights (EOCR) at UVAEOCR@virginia.edu or (434) 924-3200.