The 4 lectures will be given on Mon., Tue., Thur., and Friday (July 15, 16, 18, and 19) during Slot 3, starting at 14:30 in the afternoon.
All the ACACES 2019 lectures are at the Silva Hotel Splendid & Congress Center, in Fiuggi, Italy.
Processor architecture security has become one of the important aspects of cybersecurity and computer security in recent years. Many of today's processors provide so-called Trusted Execution Environments (TEEs), which leverage hardware extensions to the processor to protect users' software modules, applications, containers, or even whole Virtual Machines. Proper design and validation of the TEEs is necessary to ensure a system's security and to ensure that the processor can provide confidentiality, integrity, and even protection from side-channel or physical attacks, for the code and data it is protecting. Among various threats, side-channels and speculative execution (and the attacks it can lead to) have emerged as key threats that processors should protect against. These have been widely publicized due to the Spectre and Meltdown attacks and their variants.
The summer course aims to teach the participants the principles that processor architects and designers should use to ensure their processor architectures are secure, especially given side-channel attack threats, which have re-emerged as a significant threat to security. The summer course will focus on the design of secure processor architectures and the TEEs that they provide, and will present design patterns that can be gleaned from existing research work to derive the principles that inform the design of future secure architectures. The course will also dedicate special attention to side-channel and speculative execution attacks. A number of strategies for defending against the various attacks will be presented, including an extended discussion of secure processor caches and other designs for secure functional units in the processor. The course will also touch on some hardware security topics, especially pertaining to the implementation and manufacturing of processors, and the threats and possible defenses at each step of the design, implementation, and manufacturing of a secure processor.
Jakub Szefer’s research focuses on improving computer systems security at the architecture and hardware levels. His work explores how to leverage physical properties of hardware as security primitives, and has resulted in, for example, different new types of Physically Unclonable Functions (PUFs) using commodity Dynamic Random Access Memories (DRAMs). His work also aims to improve security at the architecture level, including the recent development of a novel 3-step framework for modeling all possible cache and TLB timing attacks, as well as new types of cache-related timing attacks and their mitigations. A large number of his projects involve Field-Programmable Gate Arrays (FPGAs), including implementations of post-quantum cryptographic (PQC) algorithms, and novel attacks and defenses for the new Cloud FPGA computing paradigm. His group regularly open-sources hardware code. He is a recipient of NSF’s CAREER award in 2017, and was elected IEEE Senior Member in 2019. Jakub Szefer has written a book on “Principles of Secure Processor Architecture Design” (2018). He joined Yale University in summer 2013 as an Assistant Professor of Electrical Engineering, where he started the Computer Architecture and Security Laboratory (CAS Lab). Prior to joining Yale, he received his Ph.D. and M.A. degrees in Electrical Engineering from Princeton University, where he worked with Prof. Ruby B. Lee on secure processor architectures. He received his B.S. with highest honors in Electrical and Computer Engineering from the University of Illinois at Urbana-Champaign.
The course consists of four 75 min. lectures on the following topics:
Mon. 14:30 - 15:45 Processor Security and Secure Processors
Tue. 14:30 - 15:45 Side and Covert Channels
Wed. (no lectures in afternoon)
Thur. 14:30 - 15:45 Securing Caches, Buffers, TLBs, and Directories
Fri. 14:30 - 15:45 Transient Execution Attacks and Mitigations
Lecture slides are available to ACACES attendees at https://bit.ly/acaces19.
The slides can also be downloaded here:
Part 1 slides: Processor Security and Secure Processors
Part 2 slides: Side and Covert Channels
Part 3 slides: Securing Caches, Buffers, TLBs, and Directories
Part 4 slides: Transient Execution Attacks and Mitigations
The lectures are partly based on a book recently published by Jakub Szefer. The lectures will complement the book with new material, while the book gives a more in-depth discussion of the topics covered in the lectures. It is available for purchase, and many universities provide a free PDF version of the book through their electronic subscriptions.