A ‘weird machines’ approach to more secure computer microarchitecture
October 11th, 2022 • Joseph McClain
Deep inside a computer's central processing unit are the sub-systems that constitute the computer's microarchitecture.
Microarchitecture has been vulnerable to malicious attacks, such as Spectre and Meltdown. Dmitry Evtyushkin says one reason for the vulnerability lies in the widespread use of "commodity" microarchitectures produced by a comparatively small set of manufacturers.
The problem, he said, is not commodity architectures per se: It's that they are designed to prioritize higher performance and lower cost, while security is added later.
"Microarchitectures were designed at the time when we did not know anything about such attacks, so the design could be inherently flawed," Evtyushkin explained. "However, developers keep improving previous microarchitecture designs instead of building secure ones from scratch."
"They can make your programs run much faster, but they have side effects," he said. "And the side effects sometimes lead to information leakage."
That leaked information might include sensitive data or cryptographic keys, and it can be picked up by malware and put to nefarious uses.
Evtyushkin is an assistant professor in William & Mary's Department of Computer Science. He recently received support for his effort to make computers more secure through a five-year CAREER award from the National Science Foundation.
The project, titled "Weird Machines: a New Foundation for Advancing Microarchitectural Security," introduces a new paradigm for closing the holes left by commodity microarchitecture. "Weird machines" is the name for a specific theoretical approach to computer security issues and in the past has been used to analyze software systems.
Evtyushkin says a new paradigm is needed because processor security currently is conducted on an "ad hoc" basis.
"Mostly, we think about different kinds of possible performance optimizations that we have inside our processors and try to implement the whole attack and see if it works," he said. "This is very time consuming and it doesn't offer great coverage in terms of what side effects we're looking for."
Evtyushkin's weird machines approach concentrates on the individual side-effects that create vulnerability to an attack or a potential attack. He says that he expects his approach to show value in preventing a variety of attacks.
"There are different kinds of microarchitecture attacks," he explained. "For example, there are covert-channel attacks: You have two programs, and they're not allowed to talk to each other, but an attacker can manipulate a hardware feature to enable them to talk to each other. It is a way of making different programs communicate using channels that are not intended for communication."
Evtyushkin explained that another variety of attack is a side-channel attack, in which the vulnerability is caused by a program that is doing encryption, inadvertently leaving patterns inside CPU structures, "and another program recovers the patterns and steals the encryption key."
Then there are speculative execution attacks, such as Spectre, which exploit the processor's ability to predict future events in a program. The attacker manipulates this mechanism in such a way that it forces the victim program to reveal its secrets.
"So, these are three major types of microarchitecture attacks," he said. "The idea of the project is to focus on smaller, simpler elements that compose microarchitectural attacks. First we need to understand what they are. Then we can develop techniques for automatically discovering and analyzing them."
Evtyushkin expects his work on a framework for identifying the side effects hidden in the nooks and crannies of computer microarchitecture to bear fruit in a number of respects. First, of course, he expects adoption of his protective weird machines protocol to make computers more resistant to malicious attacks: "So hardware manufacturers and software companies are aware, and they know what to fix," he said.
The knowledge of vulnerabilities inherent in microarchitecture will be incorporated into courses and research in the university's computer science department. And Evtyushkin said he hopes to be able to introduce some weird machine-based countermeasures later in the project.
"You know: How can we actually not only identify the side effects?" he said. "But also come up with some protections against these kinds of attacks?"
Provided by The College of William & Mary