THESIS
2020
xi leaves, 88 pages : illustrations ; 30 cm
Abstract
Due to the ever-evolving performance demands, new components and features are being
introduced into modern processors, for instance, hardware accelerators like field-programmable
gate array (FPGA) and integrated graphics processing units (iGPUs), as well as sandbox features
like Intel Software Guard Extension (SGX).
The impact of this trend is twofold. First, it offers more flexibility on how to implement
security enforcement for the system. The first part of this dissertation looks into opportunities
for FPGA and new processor features to be adapted to provide security defense for software applications.
Specifically, we design a hardware-assisted control flow integrity approach to protect
user programs against code reuse attacks. According to the experiments, our approach incu...[
Read more ]
Due to the ever-evolving performance demands, new components and features are being
introduced into modern processors, for instance, hardware accelerators like field-programmable
gate array (FPGA) and integrated graphics processing units (iGPUs), as well as sandbox features
like Intel Software Guard Extension (SGX).
The impact of this trend is twofold. First, it offers more flexibility on how to implement
security enforcement for the system. The first part of this dissertation looks into opportunities
for FPGA and new processor features to be adapted to provide security defense for software applications.
Specifically, we design a hardware-assisted control flow integrity approach to protect
user programs against code reuse attacks. According to the experiments, our approach incurs
a negligible 0.11% runtime performance overhead but suppresses 89.2% of the attack surface.
The second impact is that it has become challenging for system designers to ensure security as
the complexity of computer architecture increases. If an attacker discovers an exploitable security
flaw in the hardware, the software applications running on top of them are at risk. To this
end, this thesis aims to scrutinize the hardware-software stack of some new hardware features
in modern Intel processors from a security perspective. Several security flaws are identified in
iGPUs and SGX. For iGPUs, we disclose an information leakage vulnerability caused by incomplete
enforcement of the GPU context switch. With this vulnerability, adversaries can steal
cryptographic keys from an encryption algorithm running on an iGPU, or snoop user activities
in the popular Chrome browser based on the leaked information. In SGX, an adversary can
eavesdrop coarse-grained information in the victim program by side-channel attacks due to the
insecure hardware design.
Post a Comment