STACC: Stopping Microarchitectural Attacks through Constant-time Code

Project: DFG Projects, DFG Individual Projects

Project Details


While computing devices control and monitor increasingly many areas of our life, the security of these devices remains an open issue. The recent disclosure of Meltdown, Spectre and now Foreshadow showcased the remaining vulnerability of the microarchitecture of modern CPUs, highlighting the relevance of microarchitectural attacks to our computing infrastructure. Decades of optimization for performance have created CPUs where any knowledgeable adversary who can execute code will easily overcome the logical separation between processes and thus compromise system security. To ensure the expected reliability and longevity of the computing infrastructure, mitigation of microarchitectural attacks is of utmost importance.

This project addresses microarchitectural attacks with two complementary approaches: by detecting vulnerabilities in hardware and code, and by preventing attacks through better development tools that ease the generation of invulnerable programs. We first develop tools to quantify information leakage caused by microarchitectural features on modern computing platforms, making it possible to identify components that compromise the security of code using them. Through the combination of static analysis for Spectre-like attacks with a novel fuzzer-based dynamic analysis approach for reliable yet scalable leakage detection, we can detect vulnerabilities in binary code of any size. Finally, we will equip code developers with tools that automate the generation of code that is invulnerable to microarchitectural attacks.

STACC advances the state of the art in microarchitectural security through new and practical leakage detection and prevention techniques. By creating tools to analyze leakage of microarchitectural components, STACC can create ground truth for microarchitectural leakage on modern computing platforms. The proposed attack and vulnerability detection tools will help to identify and fix remaining vulnerable programs.
By leveraging new efficient constant-time code generation and secure branching, we will create a novel framework to protect code against microarchitectural attacks. We will combine compiler plugins with a just-in-time compiler and analysis methods to enable the secure execution of code without requiring a deep understanding of the microarchitecture. By making the tools open source, we will promote wide adoption and thus aid broad use of secure coding techniques. Detection tools will allow designers to analyze deployed systems, thereby raising awareness of microarchitectural attacks. Through publication of results and presentations at leading conferences, in companies and summer schools, we will raise awareness and promote secure code development, thus fostering higher security for the computing infrastructure of today and tomorrow. STACC will provide training of PhD, MS and BS students in computer science in an area of high current need: the intersection of security and modern microarchitecture.
Effective start/end date: 01.01.19 - 31.12.23

DFG Research Classification Scheme

  • 409-03 Security and Dependability