Collaborative Research: SaTC: CORE: Small: Exploration of Shared Memory Related Security Challenges in Mobile Computing Platforms
University Of California-Santa Cruz, Santa Cruz CA
Investigators
Abstract
Mobile devices, such as smartphones and tablets, embed multiple processors to efficiently carry different types of computation. In such systems, applications running on different processors store their data on a single shared memory. This project uncovers certain security vulnerabilities that mobile systems with shared memories possess. Leveraging these vulnerabilities, a malicious party could circumvent existing protection mechanisms and extract sensitive information by monitoring data access patterns. The research will develop a framework to better understand potential attacks and investigate several protection mechanisms. Broader comprehension and mitigation of these attacks hold crucial importance in protecting intellectual property and user privacy in mobile devices. The award contributes to enabling a more secure operation of billions of mobile devices used daily around the globe. This project investigates a critical side-channel leakage mechanism based on the memory-access contention occurring when multiple applications execute together in a multi-processor system with shared memory. An adversary could exploit this leakage to build attacks and extract intellectual property, such as the hyper-parameters of neural networks used in biometric authentication, without requiring special privileges or comprised hardware. This project builds upon an attacker framework to extract unique memory-contention-based signatures of victim applications. New profiling and analysis techniques are developed to capture non-linear memory access characteristics of machine learning and artificial intelligence workloads. The signatures are then used to create reverse-engineering, information extraction and denial-of-service based attacks. Finally, various countermeasures at architecture- and system-level are developed against the new attacks. The research team investigates the security, performance, area, and energy implications of new memory controller scheduling policies and randomization-based solutions. This project unveils a previously overlooked class of cybersecurity threats with financial and privacy-related impacts. The awareness and mitigation of the new security issues strengthen the trustworthy operation of billions of mobile devices. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →