Patrick Jauernig

Aakash Tyagi, Addison Crump, Ahmad-Reza Sadeghi et al.

The increasing complexity of modern processors poses many challenges to existing hardware verification tools and methodologies for detecting security-critical bugs. Recent attacks on processors have shown the fatal consequences of uncovering and exploiting hardware vulnerabilities. Fuzzing has emerged as a promising technique for detecting software vulnerabilities. Recently, a few hardware fuzzing techniques have been proposed. However, they suffer from several limitations, including non-applicability to commonly used Hardware Description Languages (HDLs) like Verilog and VHDL, the need for significant human intervention, and inability to capture many intrinsic hardware behaviors, such as signal transitions and floating wires. In this paper, we present the design and implementation of a novel hardware fuzzer, TheHuzz, that overcomes the aforementioned limitations and significantly improves the state of the art. We analyze the intrinsic behaviors of hardware designs in HDLs and then measure the coverage metrics that model such behaviors. TheHuzz generates assembly-level instructions to increase the desired coverage values, thereby finding many hardware bugs that are exploitable from software. We evaluate TheHuzz on four popular open-source processors and achieve 1.98x and 3.33x the speed compared to the industry-standard random regression approach and the state-of-the-art hardware fuzzer, DiffuzRTL, respectively. Using TheHuzz, we detected 11 bugs in these processors, including 8 new vulnerabilities, and we demonstrate exploits using the detected bugs. We also show that TheHuzz overcomes the limitations of formal verification tools from the semiconductor industry by comparing its findings to those discovered by the Cadence JasperGold tool.

Raad Bahmani, Ferdinand Brasser, Ghada Dessouky et al.

Security architectures providing Trusted Execution Environments (TEEs) have been an appealing research subject for a wide range of computer systems, from low-end embedded devices to powerful cloud servers. The goal of these architectures is to protect sensitive services in isolated execution contexts, called enclaves. Unfortunately, existing TEE solutions suffer from significant design shortcomings. First, they follow a one-size-fits-all approach offering only a single enclave type, however, different services need flexible enclaves that can adjust to their demands. Second, they cannot efficiently support emerging applications (e.g., Machine Learning as a Service), which require secure channels to peripherals (e.g., accelerators), or the computational power of multiple cores. Third, their protection against cache side-channel attacks is either an afterthought or impractical, i.e., no fine-grained mapping between cache resources and individual enclaves is provided. In this work, we propose CURE, the first security architecture, which tackles these design challenges by providing different types of enclaves: (i) sub-space enclaves provide vertical isolation at all execution privilege levels, (ii) user-space enclaves provide isolated execution to unprivileged applications, and (iii) self-contained enclaves allow isolated execution environments that span multiple privilege levels. Moreover, CURE enables the exclusive assignment of system resources, e.g., peripherals, CPU cores, or cache resources to single enclaves. CURE requires minimal hardware changes while significantly improving the state of the art of hardware-assisted security architectures. We implemented CURE on a RISC-V-based SoC and thoroughly evaluated our prototype in terms of hardware and performance overhead. CURE imposes a geometric mean performance overhead of 15.33% on standard benchmarks.

Sebastian P. Bayerl, Tommaso Frassetto, Patrick Jauernig et al.

Performing machine learning tasks in mobile applications yields a challenging conflict of interest: highly sensitive client information (e.g., speech data) should remain private while also the intellectual property of service providers (e.g., model parameters) must be protected. Cryptographic techniques offer secure solutions for this, but have an unacceptable overhead and moreover require frequent network interaction. In this work, we design a practically efficient hardware-based solution. Specifically, we build Offline Model Guard (OMG) to enable privacy-preserving machine learning on the predominant mobile computing platform ARM - even in offline scenarios. By leveraging a trusted execution environment for strict hardware-enforced isolation from other system components, OMG guarantees privacy of client data, secrecy of provided models, and integrity of processing algorithms. Our prototype implementation on an ARM HiKey 960 development board performs privacy-preserving keyword recognition using TensorFlow Lite for Microcontrollers in real time.

Tigist Abera, Ferdinand Brasser, Lachlan J. Gunn et al.

Autonomous collaborative networks of devices are rapidly emerging in numerous domains, such as self-driving cars, smart factories, critical infrastructure, and Internet of Things in general. Although autonomy and self-organization are highly desired properties, they increase vulnerability to attacks. Hence, autonomous networks need dependable mechanisms to detect malicious devices in order to prevent compromise of the entire network. However, current mechanisms to detect malicious devices either require a trusted central entity or scale poorly. In this paper, we present GrandDetAuto, the first scheme to identify malicious devices efficiently within large autonomous networks of collaborating entities. GrandDetAuto functions without relying on a central trusted entity, works reliably for very large networks of devices, and is adaptable to a wide range of application scenarios thanks to interchangeable components. Our scheme uses random elections to embed integrity validation schemes in distributed consensus, providing a solution supporting tens of thousands of devices. We implemented and evaluated a concrete instance of GrandDetAuto on a network of embedded devices and conducted large-scale network simulations with up to 100000 nodes. Our results show the effectiveness and efficiency of our scheme, revealing logarithmic growth in run-time and message complexity with increasing network size. Moreover, we provide an extensive evaluation of key parameters showing that GrandDetAuto is applicable to many scenarios with diverse requirements.