“Virtually all modern, high performing processors in the world have these flaws, even your laptop or mobile phone. But the biggest problem is that it affects virtualization machines, for example, cloud services like Amazon Web Services. This means as a customer you might be able to read other customers’ data since you are sharing the same hardware,” says Professor Carl-Johan Seger, who is running the research project together with Professor Alejandro Russo at the Department of Computer Science and Engineering.
The security flaws, named Meltdown and Spectre, allow programs to access sensitive data that is currently being processed on the computer and stored in the temporary memory, the cache. In Spectre’s case, this is due to processors using speculative execution, which creates a side channel through which private information can be extracted. While an attacker can’t directly read the cache, it is possible to measure the timing of the cache to extract its content.
“It’s almost like you are chasing a car. You lose sight of it and come to a parking lot and all the cars are parked. Which one is the car you were chasing? What you do is, you go around and check which car has a warm hood. Then you can determine that was the car, even if you didn’t see it park there,” Carl-Johan Seger explains.
There is no evidence of the flaws being used by hackers, but since the flaws have become public, the risk of attacks increases.
Combining techniques to fight future bugs
While processor and operating system manufacturers have released software patches to combat the flaws, this does not fix the entire problem.
“The hardware would most certainly need to be modified. That’s partly why this is so painful for the manufacturers. If you just patch the software it will most likely lead to a performance decrease. But what’s even more scary for most processor designers is, what if there is another bug we haven’t found?” says Carl-Johan Seger.
This is what the new research project, called Securing Multi-Cycle Hardware Architectures, will investigate.
“Alejandro Russo and I have two pieces to this puzzle. He has a technique to look at a very big system and roughly identify the problem area in a hardware component. My technology, symbolic simulation, allows you to analyze small pieces of hardware very accurately. This is a technology already used by Intel. Our research proposal is to combine our two techniques to find and help fix similar hardware bugs.”
Funding for a three-year post-doc
The grant from the Intel Corporate Research Council consists of 100 000 USD yearly and will be used to fund a post-doc who will work on the project together with Carl-Johan Seger and Alejandro Russo. The project was one of five in Europe to be funded out of over fifty proposals.
“This is an interesting and challenging problem. The idea is not to fix these specific bugs, but rather to find a technique to identify where there might be problems with the hardware, and what those problems are. At least that’s what we promised to do. We’ll see what we succeed in,” Carl-Johan Seger concludes.
Carl-Johan Seger, Research professor, Functional Programming division, Computer Science and Engineering
firstname.lastname@example.org, +46 709 49 23 55, +46 31 772 64 19
Alejandro Russo, Professor, Information Security division, Department of Computer Science and Engineering
email@example.com, +46 31 772 61 56