Hardware That Protects Against Software Attacks

As we increasingly rely on computing systems for managing sensitive information as well as critical operations such as autonomous driving, the security of such computing systems is becoming an essential component of system design. In particular, software-based attacks pose the most serious risk. Compared to physical attacks, they can easily scale to target a large number of remote networked systems.

Today’s computing systems are far from secure. In order to provide comprehensive protection with high assurance, we need a more foundational approach to computer system security.

Gookwon Edward Suh and Zhiru Zhang, Electrical and Computer Engineering, and Andrew C. Myers, Computer Science, aim to develop both hardware architecture and design tools to provide comprehensive and provable security assurance for future computing systems against software-level attacks that exploit seven common vulnerability classes. To achieve this, they are designing and building a new secure processor architecture that enforces strong information flow security at the hardware level as well as design tools that formally verify the security of a program’s implementation.

This approach is built around a key observation that all seven common vulnerability classes involve a violation at the hardware level of either a confidentiality or an integrity constraint for information flow. Therefore, all seven vulnerability classes can be addressed using hardware-level information flow control.

The new architecture will be designed to provide comprehensive protection for modern Systems-on-Chip platforms, which include both traditional processing cores and custom hardware accelerators.

Cornell Researchers

Funding Received

$2.9 Million spanning 4 years

Sponsored by

Other Research Sponsored by United States Department of Defense, Defense Advanced Research Project Agency