Fast and Efficient Deployment of Security Defenses via Microcode Customization

Add to your list(s) Download to your calendar using vCal

• Prof Ashish Venkat, University of Virginia
• Monday 11 November 2019, 09:30-10:30
• SS03, Computer Laboratory, William Gates Building.

If you have a question about this talk, please contact Prof Simon Moore.

Note unusual time and location

Maximizing performance has been a major driving force in the economics of the microprocessor industry. However, scaling performance without considering security implications could have serious negative consequences, as evidenced by the recent pile of lawsuits concerning Meltdown and Spectre attacks. These events have highlighted the need to architect systems that can not only run at high speed, but can also exhibit high resilience against security attacks, not just one or the other.

This talk will introduce context-sensitive decoding (CSD), a novel and transparent secure architecture that takes advantage of an already existing layer of indirection implemented in modern ISAs—the CISC -to-RISC micro-op translation interface, to enable a whole suite of security defenses. CSD is (1) immediately universal, requiring no patching of existing software, (2) enforced at the microcode-level, completely under-the-hood, and is therefore invisible to the attacker, making it extremely hard to bypass, and (3) offers significant flexibility through context-sensitive enforcement of security checks for only security-critical code, in stark contrast to existing solutions that can either be always on or always off.

This talk will further highlight two security defenses enabled by context-sensitive decoding. The first defense, context-sensitive fencing (CSF), enables the surgical injection of speculation fences into the dynamic execution stream to mitigate transient execution attacks like Spectre, while maintaining acceptably high levels of performance. The second defense enables a transparent microcode-level capability-based addressing scheme to secure applications, including legacy binaries, against a wide array of temporal and spatial memory safety exploits, without the need for recompilation or binary translation.

Bio: Ashish Venkat is an Assistant Professor in the Department of Computer Science at the University of Virginia, where he joined after obtaining a Ph.D. from UC San Diego. His research interests are in the intersection of Computer Architecture, Compilers, and Computer Security, with a focus on building high performance and secure processor architectures. His work has been published at top-tier venues such as ISCA , ASPLOS, and HPCA , and has been recognized as the runner-up of the HPCA 2019 Best Paper Award, and as an IEEE Micro Top Pick of all architecture papers published in 2018. His dissertation research has been successfully ported and transferred to the Cloud Platforms division of the IBM Haifa Research Lab.

This talk is part of the Computer Laboratory Computer Architecture Group Meeting series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Cambridge talks
• Computer Laboratory Computer Architecture Group Meeting
• Department of Computer Science and Technology talks and seminars
• Interested Talks
• SS03, Computer Laboratory, William Gates Building
• School of Technology
• Security-related talks
• Trust & Technology Initiative - interesting events
• bld31

Note that ex-directory lists are not shown.