The ever-increasing number of security threats and the cost of compromised systems are quickly forcing security to be a first-order design requirement in computer systems in addition to the traditional requirements of speed, energy-efficiency, cost, programmability and usability. This emphasis on security, coupled with the prohibitive performance cost of purely software security solutions, and increasing hardware budgets, provide a golden opportunity to architects to contribute towards mitigating the threats posed by this important problem.
The purpose of the tutorial is to introduce computer architects to security concepts and inform them about threats and solutions with the goal of stimulating interdisciplinary research in security and architecture. Specifically, the tutorial will discuss security concepts and principles --- such as why security problems arise, the nature of security threats, and how hardware can help mitigate some of the security challenges. It will also touch upon some state-of-the-art hardware security research. The tutorial will discuss guidelines for interdisciplinary architecture and security research.
Attendees will not be expected to have any prior familiarity with security.
State of security today. Importance of trustworthy computing. Essential security properties: confidentiality, integrity, availability. Threats and Attacks. Security policies versus security mechanisms, Multi-level security versus Multi-lateral security policies. Defense in depth. Taxonomy of security vulnerabilities based on threat vector, target and security property violated; sources of insecurity. Differences between: security and reliability, security and privacy. How can architects contribute to trustworthy computing?
Protecting confidentiality: encryption/decryption techniques, importance of key management. Protecting integrity: cryptographic hashing, techniques for control-flow and data-flow integrity of programs, memory integrity, memory and type safety. Hardware primitives for providing confidentiality and integrity. Information flow tracking. Protecting Availability: diversity based solutions. Anomaly detection.
Trusted Computing Group's Trusted Platform Modules (TPM), architecture concepts, retrospective and future, device and software stack authentication. Designing trustworthy hardware: protecting against covert channels and side channels; protecting against supply-chain attacks.
Mindset for security research: proactive vs. reactive research. Specifying threat models/attack space, formal techniques vs. rigorous informal techniques, benchmarks and metrics. Research platforms. Cloud computing security and security in emerging technologies. Funding opportunities for research.
|9:00 – 9:30||Introduction, Threats and Attacks||Simha|
|9:30 – 10:45||Security Basics||Ruby|
|10:45 – 11:00||Morning Coffee Break|
|11:00 – 12:00||Protecting Confidentiality||Ruby|
|12:00 – 1:30||Lunch|
|1:30 – 2:30||Protecting Integrity||Ed|
|2:30 – 3:15||Protecting Availability||Ed|
|3:15 – 3:30||Afternoon Coffee Break|
|3:30 – 4:15||Designing Trustworthy Hardware||Simha|
|4:15 – 4:45||Microarchitectural Side Channels||Simha|
|4:45 – 5:15||Research Directions||Ruby/Simha/Ed|
Ruby B. Lee is the Forrest G. Hamrick Professor of Electrical Engineering at Princeton University, with an affiliated appointment in the Computer Science department. She is the director of the Princeton Architecture Laboratory for Multimedia and Security (PALMS). Her current research is in security-aware computer architecture, secure cloud computing, trustworthy and resilient systems, crypto acceleration, secure mobile ad-hoc networks and secure embedded systems. She is a Fellow of the Association for Computing Machinery (ACM) and a Fellow of the Institute of Electrical and Electronic Engineers (IEEE). She is often asked to help in national efforts to improve cybersecurity such as co-leading the National Cyber Leap Year summit and being a committee member of the National Academies study on Improving Cybersecurity Research in the U.S. She is also Associate Editor-in-Chief of IEEE Micro and Advisory Board member of IEEE Spectrum. She has been granted over 120 United States and international patents. Prior to joining the Princeton faculty, Dr. Lee served as chief architect at Hewlett-Packard, responsible at different times for processor architecture, multimedia architecture and security architecture. Concurrent with full-time employment at HP, Dr. Lee also served as Consulting Professor of Electrical Engineering at Stanford University. She has a Ph.D. in Electrical Engineering and a M.S. in Computer Science, both from Stanford University, and an A.B. with distinction from Cornell University.
Simha Sethumadhavan is an Assistant Professor of Computer Science at Columbia University. He is the founding director of the computer architecture and security technologies lab (CASTL) at Columbia University. Prof. Sethumadhavan's research interests are in hardware security, hardware support for security and privacy, energy-efficient computing and systems research tools. He has been recognized with teaching and research awards including the NSF CAREER award. He obtained his PhD from UT Austin in 2007.
Edward Suh is an Assistant Professor in the School of Electrical and Computer Engineering at Cornell University, where he leads the Trusted Systems Group in the Computer Systems Laboratory. He received a Ph.D. degree in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology (MIT) in 2005. Following the graduate school, he spent a year at Verayo Inc., leading the development of unclonable RFIDs and secure embedded processors before joining Cornell. His current research focuses on developing architectural techniques to improve security, reliability, and correctness of future computing systems. He is a recipient of an NSF CAREER award and an Air Force Office of Scientific Research (AFOSR) Young Investigator Program award.