ERC Advanced Grant HYDRANOS

Motivation

  • A growing number of critical hardware vulnerabilities, particularly those that can be exploited by (remote) unprivileged software
  • However, existing defences are ad hoc, highly limited, inefficient and customized
  • Challenge: A fundamental solution requires modification of hardware, which is currently not possible post-fabrication

Our vision in the ERC project HYDRANOS: A radically new security approach to overcome the current ad-hoc solution culture

HYDRANOS: Our Vision for the Future of SoC Security Design

HYDRANOS presents an innovative vision centered around hardware-assisted adaptive security, signifying a paradigm shift in empowering adaptable security solutions for upcoming computing systems. Our primary objective is conceptualizing, creating, and assessing dedicated and customizable hardware components embedded within the System-on-Chip (SoC) architecture. This hardware will facilitate the post-fabrication reconfiguration of fundamental security-oriented components, offering robust mitigation against emerging attack vectors.

In addition, HYDRANOS is committed to developing a groundbreaking fuzzer meticulously tailored to pinpoint vulnerabilities spanning multiple layers within computing systems during the design phase. We aim to address critical security gaps preemptively by focusing on these cross-layer weaknesses.

The impact of HYDRANOS on establishing a foundation for trustworthy computing is profound. By its very nature, it introduces a dynamic and adaptable framework capable of effectively countering present and future cross-layer security threats that target systems of paramount importance. Through our endeavors, we aspire to contribute pioneering research that paves the way for resilient and future-proof security solutions. The outcomes of our efforts will be showcased on open-source hardware, extensively embraced by both academia and industry. We remain dedicated to providing our results to the broader research community, fostering an environment of open collaboration and third-party validation.

Challenges

  • Identification and mapping of security-relevant elements to configurable units
  • Optimization strategies for security, performance, power & area trade-off of configurable units
  • Validation of configuration strategies, also exploring novel hardware fuzzing methods
  • Providing the first open platform with adaptive security

Publications

  1. Dessouky, Ghada, David Gens, Patrick Haney, Garrett Persyn, Arun Kanuparthi, Hareesh Khattri, Jason M. Fung, Ahmad-Reza Sadeghi, and Jeyavijayan Rajendran. “HardFails: Insights into Software-Exploitable Hardware Bugs.” In 28th USENIX Security Symposium (USENIX Security 19), pp. 213-230. 2019.
  2. Dessouky, Ghada, Shaza Zeitouni, Ahmad Ibrahim, Lucas Davi, and Ahmad-Reza Sadeghi. “CHASE: A configurable hardware-assisted security extension for real-time systems.” In 2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 1-8. IEEE, 2019.
  3. Kenjar, Zijo, Tommaso Frassetto, David Gens, Michael Franz, and Ahmad-Reza Sadeghi. “V0LTpwn: Attacking x86 processor integrity from software.” In 29th USENIX Security Symposium (USENIX Security 20), pp. 1445-1461. 2020.
  4. Dessouky, Ghada, Tommaso Frassetto, and Ahmad-Reza Sadeghi. “HybCache: Hybrid Side-Channel-Resilient caches for trusted execution environments.” In 29th USENIX Security Symposium (USENIX Security 20), pp. 451-468. 2020.
  5. Dessouky, Ghada, Alexander Gruler, Pouya Mahmoody, Ahmad-Reza Sadeghi, and Emmanuel Stapf. “Chunked-cache: On-demand and scalable cache isolation for security architectures.” arXiv preprint arXiv:2110.08139 (2021).
  6. Chen, Chen, Rahul Kande, Pouya Mahmoody, Ahmad-Reza Sadeghi, and J. V. Rajendran. “Trusting the trust anchor: towards detecting cross-layer vulnerabilities with hardware fuzzing.” In Proceedings of the 59th ACM/IEEE Design Automation Conference, pp. 1379-1383. 2022.
  7. Jauernig, Patrick, Domagoj Jakobovic, Stjepan Picek, Emmanuel Stapf, and Ahmad-Reza Sadeghi. “DARWIN: Survival of the Fittest Fuzzing Mutators.” arXiv preprint arXiv:2210.11783 (2022).

Acknowledgement

We would like to express our deep gratitude to the European Research Council (ERC) for funding our project HYDRANOS within the prestigious ERC Advanced Grant Program. Their support and belief in our research have enabled us to embark on this exciting journey of exploration and discovery for an adaptive security-by-design for the next generation of SoCs. We are truly honored and grateful for this opportunity to advance knowledge and contribute to the scientific community.