ECE 69500 - Hardware and Software Security
Course Details
Lecture Hours: 3 Credits: 3
Areas of Specialization:
- Computer Engineering
Counts as:
Normally Offered:
Each Fall
Campus/Online:
On-campus only
Requisites:
ECE 496
Requisites by Topic:
Operating systems engineering
Catalog Description:
This course provides an in-depth look at the relationships between hardware and software in the context of cyber-security. To do so, it explores the design, implementation and integration of secure hardware elements (e.g., processor extensions, secure co-processors) and their use to provide secure computing systems. Further, it analyzes different attack vectors from software to overcome these security properties (e.g., side-channel attacks, rowhammering, artificial processor-aging, hardware fuzzing). The lectures focus on a full-stack perspective of hardware-software co-existence and its effects on computer security by surveying existing technologies and their shortcomings. The course includes hands-on labs to develop and exploit practical software applications. Lastly, the course includes a research component to actualize and explore the trends of the topics covered in class.
Required Text(s):
None.
Recommended Text(s):
- Blue Fox: Arm Assembly Internals & Reverse Engineering , Markstedter, Maria , Wiley , 2023 , ISBN No. 978-1-119-74530-3
- Principles of Secure Processor Architecture Design , Szefer, Jakub , Springer , 2018 , ISBN No. 978-3-031-00632-6
- Trusted Computing Platforms: TPM2.0 in Context , Proudler, Graeme; Chen, Liqun; Dalton, Chris , Springer , 2015 , ISBN No. 978-3319087436
Lecture Outline:
| Week | Topic |
|---|---|
| 1 | Introduction and problem statement: How do hardware and software affect the security of each other |
| 2 | Part 1, Hardware features for secure software. A first look at the hardware-software stack: bootloader, early boot, kernel, early userspace, init system and late userspace |
| 3 | Fundamental hardware security features: NX memory, virtual memory, etc. |
| 4 | Secure co-processors: TPMs and HSMs, secret handling; TPM ME, measured execution and measured boot; secure boot; software patterns that leverage these |
| 5 | "Advanced" processor-level security features: Virtualization instructions and ring -1 (also ARM); Hypervisor types; Paravirtualization and virtual hardware; Kernel namespaces and containers pointer authentication on ARMv8; Capability Hardware Enhanced RISC Instructions (CHERI) |
| 6 | Advanced processor-level security features: Secure enclaves (SGX and TrustZone); Remote attestation and enclave certificates; Programming for secure enclaves |
| 7 | Processors 3: Trust Domain Extensions (Intel TDX); Lightweight VMs; midterm review |
| 8 | Accelerators and Application Processor & Multi-processing security: Multiprocessor and Many-Core Protections; Deep Learning accelerators and their interactions with main application; Other Peripheral |
| 9 | Part II: Software attacks on hardware; Fundamentals of side-channels: Timing attacks; Extracting secret keys and passwords; Constant time compare and other mitigations |
| 10 | Side-channels 2: Speculative execution; Spectre, Meltdown, and friends; Software level mitigations (e.g., retpoline) |
| 11 | SW attacks on HW; Row hammer attacks; Processor Aging; Practical examples of RH: flip feng shui; Avoiding rowhammer and processor aging |
| 12 | Attacks on firmware: Firmware update vectors and exploitation; Exploiting Arm TrustZone; Applicable software defenses |
| 13 | Firmware, Hardware fuzzing & Fault Innjection; Binary re-hosting for fuzzing; Hidden processor instructions (chip fuzzing). ISA vs Processor implementation; Peripheral fuzzing; Fault injection |
| 14 | Misc attacks & defenses 1: Attacking the VLSI software pipeline; Software Supply Chain attacks on hardware; FPGA security |
Assessment Method:
Exams, projects, presentations. (4/2023)