GGrantIndex
← Search

CAREER: Weird Machines: a New Foundation for Advancing Microarchitectural Security

$554,371FY2022CSENSF

College Of William And Mary, Williamsburg VA

Investigators

Abstract

The Central Processing Unit (CPU) is a key element of a typical computing system. To improve performance, microarchitecture (MA) of modern CPUs include multiple sub-systems with complex internal state and functionality. While improving performance, these sub-systems often trigger unexpected observable side-effects which are known to enable attacks resulting in sensitive data leakage. The ever-growing complexity of CPU components and the complex nature of the cross-component interaction make it challenging to detect such effects. This CAREER project utilizes the concept of weird machines, a theoretical framework that enables analyzing security vulnerabilities via the theory of computation. According to this concept, vulnerabilities create a new computational model within the original computational entity with properties not intended by its design. Previously, weird machines were mostly used to study software systems. This CAREER project utilizes the concept of weird machines to systematically identify MA side effects and explore how they can be used by a potential attacker. The investigator has discovered that the interaction of MA components creates a new programmable computational model within the CPU microarchitecture that is invisible to existing methods of analysis. At the same time, it can be used to hide malicious activities or to trigger unexpected systems behaviors. The project’s novelties are 1) using the concept of weird machines to study MA security, 2) exploring computational capabilities of MA side effects, 3) investigating use cases for the new model of computation. The project's broader significance and importance are 1) improving the understanding of the attack surface in modern computer systems, 2) establishing a new approach for identifying and documenting MA side effects to be used for research and education. This CAREER project is centered on three main objectives. First, known MA side-effects are documented as weird machine primitives, followed by an automated search for new side-effects. Second, the computational capabilities and practicality of MA weird machines are investigated including programmability of such machines and methods to improve their reliability. In addition, the project explores the feasibility of constructing a universal MA weird machine capable of performing arbitrary computations. Third, the established MA weird machines framework is applied to study known types of MA attacks, such as side channels, enabling discovery of new attack variants. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →