University of Cambridge > Talks.cam > Computer Laboratory Computer Architecture Group Meeting > Fast and Efficient Deployment of Security Defenses via Microcode Customization

Fast and Efficient Deployment of Security Defenses via Microcode Customization

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Prof Simon Moore.

Note unusual time and location

Maximizing performance has been a major driving force in the economics of the microprocessor industry. However, scaling performance without considering security implications could have serious negative consequences, as evidenced by the recent pile of lawsuits concerning Meltdown and Spectre attacks. These events have highlighted the need to architect systems that can not only run at high speed, but can also exhibit high resilience against security attacks, not just one or the other.

This talk will introduce context-sensitive decoding (CSD), a novel and transparent secure architecture that takes advantage of an already existing layer of indirection implemented in modern ISAs—the CISC -to-RISC micro-op translation interface, to enable a whole suite of security defenses. CSD is (1) immediately universal, requiring no patching of existing software, (2) enforced at the microcode-level, completely under-the-hood, and is therefore invisible to the attacker, making it extremely hard to bypass, and (3) offers significant flexibility through context-sensitive enforcement of security checks for only security-critical code, in stark contrast to existing solutions that can either be always on or always off.

This talk will further highlight two security defenses enabled by context-sensitive decoding. The first defense, context-sensitive fencing (CSF), enables the surgical injection of speculation fences into the dynamic execution stream to mitigate transient execution attacks like Spectre, while maintaining acceptably high levels of performance. The second defense enables a transparent microcode-level capability-based addressing scheme to secure applications, including legacy binaries, against a wide array of temporal and spatial memory safety exploits, without the need for recompilation or binary translation.

Bio: Ashish Venkat is an Assistant Professor in the Department of Computer Science at the University of Virginia, where he joined after obtaining a Ph.D. from UC San Diego. His research interests are in the intersection of Computer Architecture, Compilers, and Computer Security, with a focus on building high performance and secure processor architectures. His work has been published at top-tier venues such as ISCA , ASPLOS, and HPCA , and has been recognized as the runner-up of the HPCA 2019 Best Paper Award, and as an IEEE Micro Top Pick of all architecture papers published in 2018. His dissertation research has been successfully ported and transferred to the Cloud Platforms division of the IBM Haifa Research Lab.

This talk is part of the Computer Laboratory Computer Architecture Group Meeting series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

© 2006-2019 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity