CS 4501: Hardware Security

Meeting Time/Location: Tu/Th 2pm-3:30pm @ Rice 032
The goal of this course is to investigate modern architectures for security flaws, craft exploits on real machines, and explore novel security-aware architectures. The course is highly research-oriented and entails state-of-the-art literature survey and in-class brainstorming of ideas and experiments. By taking this course, students will:
  • become conversant with security issues that plague the modern semiconductor industry, and understand state-of-the-art defense mechanisms,
  • learn how to craft attacks that exploit security vulnerabilities in modern processors,
  • identify new security vulnerabilities and/or motivate new solutions to existing attacks,
  • gain experience working on a research project with active mentorship.

This course is highly exploratory and cross-disciplinary in nature. While our general theme will be hardware security, we will explore topics that span multiple disciplines of computer science, including but not limited to, machine learning (e.g., perceptron predictors, adversarial learning), programming languages (e.g., program analysis, dynamic code instrumentation), and software engineering (e.g., formal verification). In fact, prior offering of this course has produced four top-tier publications in the intersection of programming languages, computer networks, architecture, and security, and among them one paper has won a prestigious ``Top Pick Award'' and another has been nominated for the Best Paper Award.

Textbook:
Other (frequently referenced) online resources:.

Contact

We will use Piazza as our class forum, and our primary mode of communication outside of class. All general inquiries must be made on Piazza. For group-specific questions or private questions, you can either email me or post a private question on Piazza.

Instructor:
    Ashish Venkat (email: <lastname>@virginia.edu)
    Office Hours: By appointment.
Teaching Assistant:

Prerequisites

This is an upper-level research seminar course and we will be exploring advanced topics. Undergraduate students interested to enroll should meet a minimum prerequisite requirement of having taken the undergraduate computer architecture course CS 3130, CS 3330, or equivalent. Concurrent enrollment in these courses will not qualify towards meeting the pre-requisite requirement.

Useful resources to pick up architecture background:
  • Undergraduate Architecture Textbook: Patterson and Hennessy, "Computer Organization and Design: the Hardware/Software Interface"
  • Graduate Architecture Textbook: Hennessy and Patterson, "Computer Architecture: A Quantitative Approach"

Grading

The grading breakdown for this course is:

  • 20%: In-Class Hacking Workshop (to be held between Feb 20-29)
  • 10%: Peer Review
  • 60%: Semester-long Research Project in groups of 3-4 students
  • 10%: Student Presentations
We will NOT use an absolute grading scale for this course. Your final grades will be assigned based on your overall performance, relative to the class average.

Course Project

You will be choosing one of several research projects that I’ve identified. I will provide enough background for each of these projects (including an abstract and an initial reading list) and will meet with each group every week, to ensure that you’re on track. You are more than welcome to suggest your own topic for the project as long as you convince me of its novelty and relevance. More details will appear on Piazza for enrolled students.

There will be five milestones for the course project documenting related work, design mechanisms, and your experimental findings. Links to milestone requirements and grading criteria:

Guidelines and Policies:
  • All students in the group will receive the same grade. In addition, each individual member will be given a chance to evaluate other members of the group at every milestone of the project.
  • All milestone reports are to be turned in electronically at 11:59pm AoE.
  • Milestone reports are to be typeset in LaTeX using the ISCA 2024 template
  • Late reports are not encouraged, but will be accepted with a flat 10% (of the maximum score) penalty, until two days after the report is due. Reports submitted later than that will not be accepted.

Schedule

Date Topic
Jan 18 Introduction, Motivation, and Course Logistics
Jan 23 Review of Modern Processors-1
Reading:
Chapters 1 and 2 from Processor Microarchitecture: An Implementation Perspective
Jan 25 Review of Modern Processors-2
Reading:
Chapters 2.4, 2.3, 2.2, and 2.7 from Intel® 64 and IA-32 Architectures Optimization Reference Manual in that order.
Jan 30 Fundamentals of Computer Security-1
Reading: Chapters 2.1-2.3
Section 1 from The Protection of Information in Computer Systems, IEEE 1975
Feb 1 Fundamentals of Computer Security-2
Reading: Chapters 2.1-2.3
Section 1 from The Protection of Information in Computer Systems, IEEE 1975
Feb 6 Memory Safety
Reading:
SoK: Eternal War in Memory, S&P 2013
SoK: Sanitizing for Security, S&P 2019
Feb 8 Early Protection Mechanisms
Reading:
Chapters 3 and 4 from the Intel Pentium 4 Manual
Feb 13 Capabilities and Access Control
Reading:
The Confused Deputy: (or why capabilities might have been invented), ACM SIGOPS Operating Systems Review 1988
Section 2 from The Protection of Information in Computer Systems, IEEE 1975
Feb 15 Capability Machines
Reading:
The CHERI capability model: Revisiting RISC in an age of risk, ISCA 2014
CHEx86: Context-Sensitive Enforcement of Memory Safety via Microcode-Enabled Capabilities, ISCA 2020
Feb 20-27 In-Class Hacking Workshop-1
Feb 29 Side and Covert Channels
Reading: Chapter 8
A Note on the Confinement Problem, CACM 1973
Covert and Side Channels due to Processor Architecture, ACSAC 2006
Last-Level Cache Side-Channel Attacks are Practical, IEEE S&P 2015
Mar 5-7 Spring Break
Mar 12 Transient Execution Attacks
Reading:
Spectre Attacks: Exploiting Speculative Execution, S&P 2019
I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches, ISCA 2021
Mar 14-19 In-Class Hacking Workshop-2
Mar 21 Side Channel Defenses
Reading:
New cache designs for thwarting software cache-based side channel attacks, ISCA 2007
SecSMT: Securing SMT Processors against Contention-Based Covert Channels, USENIX Security 2022
Mar 26 Transient Execution Attack Mitigations
Reading:
InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy, MICRO 2018
Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization, ASPLOS 2019
This is How You Lose the Transient Execution War, arXiV 2023
Mar 28 No Class (DARPA Meeting)
Apr 2 Information-Flow Tracking
Reading:
A Lattice Model of Secure Information Flow, Communications of the ACM 1976
Secure Program Execution via Dynamic Information Flow Tracking, ASPLOS 2004
A Hardware Design Language for Timing-Sensitive Information-Flow Security, ASPLOS 2015
Apr 4 Trusted Execution Environments
Reading:
AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing, ICS 2003
Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems, S&P 2015
Apr 9 Supply Chain Security
Reading:
A2: Analog Malicious Hardware, S&P 2016
Hardware Trojan Threats in eNVM Neuromorphic Devices, DATE 2023
FANCI: Identification of Stealthy Malicious Logic Using Boolean Functional Analysis, CCS 2013
Apr 11-30 Student Presentations

Honor Code

I trust every student in this course to fully abide by the University's Honor Code and pledge to not commit academic fraud. You are allowed to discuss, collaborate, and brainstorm both within and outside your group. You're also free to lookup and use source code/tools on the internet with appropriate citations. However, you're not allowed to plagiarize text from another student's assignment or from the internet, and/or falsify data. Cheating will be taken seriously and will be reported to the honor committee. All suspected honor violations will receive an immediate zero on that assignment regardless of any action taken by the Honor Committee.

    Please let me know if you have any questions regarding the course Honor policy. If you believe you may have committed an Honor Offense, you may wish to file a Conscientious Retraction by calling the Honor Offices at (434) 924-7602. For your retraction to be considered valid, it must, among other things, be filed with the Honor Committee before you are aware that the act in question has come under suspicion by anyone. More information can be found here. Your Honor representatives can be found at this link

    Learning Accommodations

    Students with disabilities or learning needs
    It is my goal to create a learning experience that is as accessible as possible. If you anticipate any issues related to the format, materials, or requirements of this course, please meet with me outside of class so we can explore potential options. Students with disabilities may also wish to work with the Student Disability Access Center to discuss a range of options to removing barriers in this course, including official accommodations. Please visit their website for information on this process and to apply for services online. If you have already been approved for accommodations through SDAC, please send me your accommodation letter and meet with me so we can develop an implementation plan together.

    Discrimination and power-based violence
    The University of Virginia is dedicated to providing a safe and equitable learning environment for all students. To that end, it is vital that you know two values that I and the University hold as critically important:
    1. Power-based personal violence will not be tolerated.
    2. Everyone has a responsibility to do their part to maintain a safe community on Grounds.
    If you or someone you know has been affected by power-based personal violence, more information can be found on the UVA Sexual Violence website that describes reporting options and resources available.
      As your professor and as a person, know that I care about you and your well-being and stand ready to provide support and resources as I can. As a faculty member, I am a responsible employee, which means that I am required by University policy and federal law to report what you tell me to the University's Title IX Coordinator. The Title IX Coordinator's job is to ensure that the reporting student receives the resources and support that they need, while also reviewing the information presented to determine whether further action is necessary to ensure survivor safety and the safety of the University community. If you wish to report something that you have seen, you can do so at the Just Report It portal. The worst possible situation would be for you or your friend to remain silent when there are so many here willing and able to help.

      Religious accommodations
      It is the University's long-standing policy and practice to reasonably accommodate students so that they do not experience an adverse academic consequence when sincerely held religious beliefs or observances conflict with academic requirements. Students who wish to request academic accommodation for a religious observance should submit their request in writing directly to me as far in advance as possible. Students who have questions or concerns about academic accommodations for religious observance or religious beliefs may contact the University’s Office for Equal Opportunity and Civil Rights (EOCR) at UVAEOCR@virginia.edu or (434) 924-3200.