CIS 700 - Special Topic: Hardware Support for Security

CIS 700 - Special Topic: Special Topic: Hardware Support for Security
Spring 2005

Instructor: Milo Martin

Email: milom at cis.upenn.edu

Meeting Times and Places

Monday/Wednesday, 12:00-1:20pm
Moore 212

Course Description

This seminar course will survey proposals for expanding the role of hardware in creating more secure systems. Recent research has proposed expanding the security role of hardware beyond simply providing virtual memory and the separation of user and supervisor modes. Topics covered in this course may include hardware support for: buffer-overflow prevention, secure information processing, reducing runtime overheads of secure programming languages, fast cryptography, fine-grain memory protection, dynamic information flow tracking, tamper resistant and verified software, remote attestation, address-space randomization to prevent code injection, hardware-based virus and intrusion detection, secure cryptographic co-processors, and various "trusted" computing initiatives.

Coursework will consist mostly of paper reading, analysis, and in-class discussion. The prerequisites are CIS501 and a desire to learn more about both security and computer architecture. The course material should be applicable and accessible to participants from a range of sub-disciplines including computer architecture, systems security, distributed systems, compilers, and programming languages.

Course Schedule

Note: Some of the papers linked from this page may only be accessed by hosts in the upenn.edu domain.

Mon, Jan 10 - Course overview - ppt or pdf
Wed, Jan 12 - Chapter 1 and Chapter 2 of Anderson's Security Engineering
Mon, Jan 17 - NO CLASS - MLK Day
Wed, Jan 19
- Why Cryptosystems Fail by Anderson, 1st Conference on Computer and Comm. Security '93
- Chapter 4 of Anderson's Security Engineering
- Further reading: Why Information Security is Hard -- An Economic Perspective by Anderson, 17th Annual Computer Security Applications Conference 2001.
Mon, Jan 24
- Building the IBM 4758 Secure Coprocessor by Dyer et al, IEEE Computer, Oct 2001.
- Intel Wireless Trusted Platform: Security for Mobile Devices, 2004.
- Further reading: ABYSS: An Architecture for Software Protection by White and Comerford, IEEE Transactions on Software Engineering, Vol 16, No. 6, June 1990
- Further reading: Using a High-Performance, Programmable Secure Coprocessor by Smith, Palmer, and Weingart, Second International Conference on Financial Cryptography, 1998.
Wed, Jan 26
- ARM Dons Armor by Halfhill, Microprocessor Report, 2003.
- Secure Coprocessors in Electronic Commerce Applications by Yee and Tygar, USENIX Electronic Commerce Workshop, 1995.
- Further reading: Security as a New Dimension in Embedded System Design by Kocher et al, DAC 2004
Mon, Jan 31
- Architecture Support for Defending Against Buffer Overflow Attacks by Xu et al, EASY-2 Workshop, October 2002.
- A Processor Architecture Defense Against Buffer Overflow Attacks by McGregor et al, Proceedings of the IEEE International Conference on Information Technology: Research and Education (ITRE 2003), August 2003.
- Further reading: Defending Embedded Systems Against Buffer Overflow via Hardware/Software by Shao et al, 19th Annual Computer Security Applications Conference, 2003.
Wed, Feb 02
- Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns by Jonathan Pincus and Brandon Baker, IEEE Security and Privacy, July/Aug 2004.
- PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities by Cowan et al, USENIX Security 2003.
Mon, Feb 07
- Cyclone: A safe dialect of C by Trevor Jim, Greg Morrisett, Dan Grossman, Michael Hicks, James Cheney, and Yanling Wang. USENIX Annual Technical Conference, pages 275-288, Monterey, CA, June 2002.
- Region-based Memory Management in Cyclone by Dan Grossman, Greg Morrisett, Trevor Jim, Michael Hicks, Yanling Wang, and James Cheney. ACM Conference on Programming Language Design and Implementation, pages 282--293, Berlin, Germany, June, 2002.
Wed, Feb 09
- CCured: Type-Safe Retrofitting of Legacy Code by Necula et al, POPL 2002.
- Taming C Pointers by Necula et al, PLDI 2002.
- CCured in the Real World by Condit et al, PLDI 2003.
- Best reference: CCured: Type-Safe Retrofitting of Legacy Software by Necula et al, In ACM Transactions on Programming Languages and Systems (TOPLAS), 2004.
Mon, Feb 14 - NO CLASS - HPCA
Wed, Feb 16 - NO CLASS - HPCA
Mon, Feb 21
- Enabling Trusted Software Integrity by Kirovski et al, ASPLOS 2002.
- Countering Code-Injection Attacks With Instruction-Set Randomization by Kc, Keromytis, and Prevelekis. CCS 2003.
- Further reading: On the Effectiveness of Address-Space Randomization by Shacham et al, CCS 2004.
Wed, Feb 23
- Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow by Tuck, Calder, and Verghese. MICRO 2004.
- A Hardware-Software Platform for Intrusion Prevention by Drinic and Kirovski, MICRO 2004.
- Further reading: Runtime Execution Monitoring (REM) to Detect and Prevent Malicious Code Execution by Fiskiran and Lee, ICCD 2004.
Mon, Feb 28
- Secure Program Execution via Dynamic Information Flow Tracking by Suh, Lee, and Devadas. ASPLOS 2004.
- Minos: Control Data Attack Prevention Orthogonal to Memory Model by Crandall and Chong. MICRO 2004.
Wed, Mar 02
- RIFLE: An Architectural Framework for User-Centric Information-Flow Security by Vachharajani et al, MICRO 2004.
Mon, Mar 07 - NO CLASS - Spring Break
Wed, Mar 09 - NO CLASS - Spring Break
Mon, Mar 14
- Understanding Data Lifetime via Whole System Simulation by Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, and Mendel Rosenblum. 2004 Usenix Security Symposium.
Wed, Mar 16
- Chapter 5 of Anderson's Security Engineering on Cryptography
Mon, Mar 21
- A 2.3Gb/s Fully Integrated and Synthesizable AES Rijndael Core by Kim, Mudge, and Brown. Proc. IEEE Custom Integrated Circuits Conference (CICC), Sep. 2003.
- Architectures and VLSI Implementations of the AES-Proposal Rijndael by Sklavos and Koufopavlou, IEEE Transactions on Computers, December 2002.
- Architectural Support for Fast Symmetric-Key Cryptography by Jerome Burke, John McDonald, and Todd Austin. ASPLOS 2000.
- Further reading: Efficient Permutation Instructions for Fast Software Cryptography, Lee et al, IEEE Micro Nov/Dec 2001.
Wed, Mar 23
- CryptoManiac: A Fast Flexible Architecture for Secure Communication by Lisa Wu, Chris Weaver, and Todd Austin. ISCA 2001.
- Accelerating Private-key cryptography via Multithreading on Symmetric Multiprocessors by Praveen Dongara and T. N. Vijaykumar. IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), March 2003.
Mon, Mar 28
- Architectural Support for Copy and Tamper Resistant Software by David Lie, Chandramohan Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell, and Mark Horowitz, ASPLOS 2000.
- AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing by G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas, ICS 2003.
- Further reading: Caches and Hash Trees for Efficient Memory Integrity Verification by Gassend et al, HPCA 2003.
- Further reading: Certifying Program Execution with Secure Processors by Chen and Morris, 9th Workshop on Hot Topics in Operating Systems (HotOS IX), 2003.
Wed, Mar 30
- Specifying and Verifying Hardware for Tamper-Resistant Software by David Lie, John Mitchell, Chandramohan Thekkath and Mark Horowitz, IEEE Symposium on Security and Privacy 2003
Mon, Apr 04
- Implementing an Untrusted Operating System on Trusted Hardware by David Lie, Chandramohan Thekkath and Mark Horowitz, SOSP 2003.
- Efficient Memory Integrity Verification and Encryption for Secure Processors by Suh et al, MICRO 2003.
- Further reading: Fast Secure Processor for Inhibiting Software Piracy and Tampering, Yang et al, MICRO 2003.
Wed, Apr 06
- Attacks and Risk Analysis for Hardware Supported Software Copy Protection Systems by Shi et al, DRM 2004.
- HIDE: An Infrastructure for Efficiently Protecting Information Leakage on the Address Bus by Zhuang et al, ASPLOS 2004.
- Further reading: SENSS: Security Enhancement to Symmetric Shared Memory Multiprocessors, Zhang et al, HPCA 2005.
Mon, Apr 11
- Chapter 14 of Anderson's Security Engineering on Physical Tamper Resistance
- API-Level Attacks on Embedded Systems by Bond and Anderson, IEEE Computer, Oct 2001.
- Further reading: Trusting Trusted Hardware: Towards a Formal Model for Programmable Secure Coprocessors by Smith and Austel, USENIX Workshop on Electronic Commerce, 1998.
Wed, Apr 13
- Chapter 15 of Anderson's Security Engineering on Emission Security
- Using Memory Errors to Attack a Virtual Machine by Govindavajhala and Appel, IEEE Symposium on Security and Privacy 2003.
Mon, Apr 18
- Flexible OS Support and Applications for Trusted Computing by Garfinkel, Rosenblum, and Boneh, 9th Hot Topics in Operating Systems (HOTOS-IX), 2003
- Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al, SOSP 2003.
- Further reading: Semantic Remote Attestation - A Virtual Machine Directed Approach to Trusted Computing by Haldar et al, USENIX Virtual Machine Symposium, 2004.
Wed, Apr 20
- A Trusted Open Platform by England et al, IEEE Computer, July 2003
- Cryptography and Competition Policy -- Issues with 'Trusted Computing' by Anderson, PODC 2003.
- Further reading: Improving the TCPA Specification by Arbaugh, IEEE Computer, Aug. 2002.

Additional Further Reading

A Secure and Reliable Bootstrap Architecture by Arbaugh et al, IEEE Symposium on Security and Privacy 1997.
Secure Execution Via Program Shepherding by Kiriansky et al, USENIX Security 2002.
Mondrian Memory Protection by Witchel et al, ASPLOS 2002.
High Coverage Detection of Input-Related Security Faults by Larson and Austin, USENIX Security 2003.
A Practical Dynamic Buffer Overflow Detector by Ruwase and Lam, NDSS 2004.
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software by Newsome and Song. NDSS 2004.
Establishing the Genuinity of Remote Computer Systems by Kennell and Jamieson, USENIX Security Symposium 2003.
Attestation-based Policy Enforcement for Remote Access by Sailer et al, CCS 2004.
Side Effects are Not Sufficient to Authenticate Software by Shankar et al, USENIX Security Symposium 2004.
SWATT: SoftWare-based ATTestation for Embedded Devices by Arvind Seshadri et al, IEEE Symposium on Security and Privacy 2004.
SAM: A Flexible and Secure Auction Architecture Using Trusted Hardware by Perrig et al, Electronic Journal on E-commerce Tools and Applications, 2001.
The Magic of RFID by Roy Want, ACM Queue, October 2004.
Bridging the Gap between TCPA/Palladium and Personal Security, Ahmad-Reza Sadeghi and Christian Stuble.

Recent Additions

Architecture for Protecting Critical Secrets in Microprocessors by Ruby Lee et al, ISCA 2005.
High Efficiency Counter Mode Security Architecture via Prediction and Precomputation by Weidong Shi et al, ISCA 2005.
Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions by G. Edward Suh at el, ISCA 2005.
InfoShield: A Security Architecture for Protecting Information Usage in Memory by Weidong Shi er al, HPCA 2006.
Improving Cost, Performance, and Security of Memory Encryption and Authentication by Chenyu Yan et al, ISCA 2006.
Cell Broadband Engine Processor Security Architecture and Digital Content Protection, Kanna Shimizu et al, MCPS 2006.
Bounds Checking with Taint-Based Analysis by Weihaw Chuang, Satish Narayanasamy, Brad Calder and Ranjit Jhala, International Conference on High Performance Embedded Architectures & Compilers, January 2007

CIS 700 - Special Topic: Special Topic: Hardware Support for Security Spring 2005