ECE PhD Dissertation Defense: Majid Sabbagh

June 22, 2021 @ 1:00 pm - 2:00 pm

PhD Dissertation Defense: The Perils of Shared Computing: A Hardware Security Perspective

Majid Sabbagh

Location: Microsoft Teams Link

Abstract: Modern processors and hardware accelerators, in the cloud or on the edge, are capable of running multiple workloads from different users concurrently. Despite software techniques for security such as virtualization and containers, a new attack surface is emerging that pertains to the hardware vulnerabilities of shared computing resources, posing serious threats to shared computing. Fault Attacks (FAs), Side-Channel Attacks (SCAs), and Transient-Execution Attacks (TEAs) are three hardware-oriented attacks that target system implementations. FAs aim to tamper with the integrity of application execution through different fault injection methods, to compromise the data or disrupt computation at run-time. SCAs exploit the information leakage of sensitive applications through physical parameters, such as power consumption, electromagnetic emanations, and timing, to breach the confidentiality of the application. TEAs exploit transient hardware operations, such as speculative execution in Central Processing Units (CPUs), to access sensitive data temporarily and then retrieve it from the resulting microarchitectural state.

In this dissertation, we investigate the three kinds of attacks, all of which exploit vulnerabilities due to shared computing. We first introduce a new non-invasive FA against Graphics Processing Units (GPUs), called overdrive fault attacks. We discover a security vulnerability in the GPU’s voltage-frequency scaling (VFS) mechanism, a common feature used to balance power consumption and performance. An out-of-specification configuration of GPU voltage and frequency can be set by an adversary on the host CPU, through the software interfaces to the GPU’s power management units. This setting causes timing violations in the computation and results in silent data corruptions (SDCs). We apply the overdrive fault attacks to two common victim applications. One is cryptographic applications accelerated by the GPU. We launch a differential fault analysis (DFA) attack on an AES kernel running on an AMD RX 580 GPU and successfully recover the secret key. The other victim is convolutional neural network (CNN) inference. We thoroughly characterize fault injections and propagation in a CNN on a GPU and analyze the controllability of the attack. We successfully launch an end-to-end misclassification attack during CNN inference with careful timing control.

We then evaluate a timing side-channel attack on CPUs called the Prime+Probe attack and propose a Side-Channel Attack DEtection Tool (SCADET). SCADET is a methodology and a tool that operates on an x86 program’s binary. It runs the program in a controlled environment, records and analyzes its memory accesses using dynamic binary instrumentation, and accurately identifies the malicious access patterns demonstrated by the Prime+Probe attack.

Finally, we introduce an efficient hardware-level taint-tracking defense against the most prominent TEAs, the speculative execution attacks. We take a secure-by-design approach and propose a mechanism called Secure Speculative Execution via RISC-V Open Hardware Design (SSE-RV), based on the latest Berkeley Out-of-Order Machine (SonicBOOM). We prototype our SSE-RV processor on an FPGA running a Linux operating system. Our results show that we can protect against Spectre-v1, v2, and v5. Our defense scheme is general and can be extended to protect against other transient execution attacks.