CAREER: Enabling Robust and Adaptive Architectures through a Decoupled Security-Centric Hardware/Software Stack
University Of Virginia Main Campus, Charlottesville VA
Investigators
Abstract
The growing complexity in modern systems has placed substantial limits on our ability to comprehensively assess threats and deploy timely mitigations. According to Google’s Project Zero, a new exploit is discovered in the wild every 17 days, although it takes an average of 15 days across all vendors to patch a vulnerability, highlighting the inability of existing solutions to scale with the rapidly evolving threat landscape. This project takes a radically new approach by developing a holistic security-centric hardware/software stack that is decoupled from the Instruction Set Architecture (ISA), so as to empower software to dynamically push expressive security policies to hardware, where they can be transparently and efficiently enforced on-demand and in-the-field through novel hardware design mechanisms, without the need for recompilation, redeployment, and frequent hardware upgrades. This work is expected to significantly enhance robustness, versatility, flexibility, and adaptability of modern architectures in the range and types of exploits they can mitigate, while simultaneously minimizing both the time to mitigation and the cost of deployment. This project will also address the urgent need to boost the nation’s cybersecurity workforce through (a) curriculum development and ethical hacking workshops targeted at high school, college, and professional students, (b) development of community research infrastructure and evaluation testbeds for rapid assessment of security policies, and (c) research mentorship of undergraduate students on security-related projects. This project entails three synergistic research thrusts that together enable a holistic full system across-the-stack solution for timely mitigation of exploits. The first thrust will develop a decoupled security-centric hardware/software interface to allow software to capture interactions and relationships among the different subjects and objects in the system and specify an expressive set of security policies in the form of logic formulas, to mitigate a wide range of hardware and software attacks ranging from memory and type safety to transient execution attacks. The second thrust will develop novel hardware design mechanisms and microcode primitives to evaluate and enforce the security policies specified in software, while maintaining high levels of performance with minimal impact on power and area. The third thrust will develop innovative hardware-based attribute tracking mechanisms to transparently track the flow of high-level software attributes, during execution, to enhance the effectiveness of the underlying hardware enforcement mechanisms. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →