International Winter School on Microarchitectural Security 2022

Title of the talk

AI and Side-channel analysis: Lessons learned so far

Abstract

In this talk we give an overview of the AI methods and techniques used in the field of hardware security and side-channel analysis in particular. We first discuss the ways in which Machine learning and AI changed the side-channel analysis landscape and attackers’ capabilities in particular. We survey several examples of AI assisting with leakage evaluation and discuss the impact of it. Finally, we also consider the way side-channel analysis and deep learning could be used for a new tempest-like attack called screen gleaning.

About the speaker

Lejla Batina is a professor in embedded systems security at the Radboud University in Nijmegen, the Netherlands. She made a Professional Doctorate in Engineering at the Eindhoven University of Technology (2001) and worked as a cryptographer for SafeNet B.V. (2001–2003). She received her Ph.D. from KU Leuven, Belgium (2005).

Her current research interests include implementations of cryptography and hardware security. Her research group at Radboud consists of 12 researchers, and 9 Ph.D. students have graduated under her supervision. She has authored or coauthored more than 140 referred articles.

Lejla Batina a senior member of IEEE and an Editorial board member of top journals in security, such as IEEE Transactions on Information Forensics and Security and ACM Transactions on Embedded Computing Systems. She was program co-chair of CHES 2014, ACM WiSec 2021 and she served as a track chair of DATE 2022 (Track D: Design Methods and Tools).

Title of the talk

Trustworthy Machine Learning... for Systems Security

Abstract

No day goes by without reading machine learning (ML) success stories across different application domains. Systems security is no exception, where ML's tantalizing results leave one to wonder whether there are any unsolved problems left. However, machine learning has no clairvoyant abilities and once the magic wears off, we're left in uncharted territory.

We, as a community, need to understand and improve the effectiveness of machine learning methods for systems security in the presence of adversaries. One of the core challenges is related to the representation of problem space objects (e.g., program binaries) in a numerical feature space, as the semantic gap makes it harder to reason about attacks and defences and often leaves room for adversarial manipulation. Inevitably, the effectiveness of machine learning methods for systems security are intertwined with the underlying abstractions, e.g., program analyses, used to represent the objects. In this context, is trustworthy machine learning possible?

In this lecture, I will first illustrate the challenges in the context of adversarial ML evasion attacks against malware classifiers. The classic formulation of evasion attacks is ill-suited for reasoning about how to generate realizable evasive malware in the problem space. I'll provide a deep dive into recent work that provides a theoretical reformulation of the problem and enables more principled attack designs. Implications are interesting, as the framework facilitates reasoning around end-to-end attacks that can generate real-world adversarial malware, at scale, that evades both vanilla and hardened classifiers, thus calling for novel defenses.

Next, I'll broaden our conversation to include not just robustness against specialized attacks, but also adversarial drifting, in which threats evolve and change over time. Prior work suggests adversarial ML evasion attacks are intrinsically linked with concept drift and we will discuss how drift affects the performance of malware classifiers, hinting at the role the underlying feature space abstraction has in the whole process.

Ultimately, these threats would not exist if the abstraction could capture the 'Platonic ideal' of interesting behaviour (e.g., maliciousness), however, such a solution is still out of reach. I'll conclude by outlining current research efforts to make this goal a reality, including robust feature development, assessing vulnerability to universal perturbations, and forecasting of future drift, which illustrate what trustworthy machine learning for systems security may eventually look like.

About the speaker

Lorenzo Cavallaro is a Full Professor of Computer Science in the Department of Computer Science at UCL, where he leads the Systems Security Research Lab. His research focuses on understanding and improving the effectiveness of machine learning methods for systems security in the presence of adversaries. In particular, Lorenzo Cavallaro and his lab investigate the intertwined relationships of program analysis and machine learning and the implications they have towards realizing Trustworthy ML for Systems Security. He publishes at and sits in the PC of top-tier conferences in computer security and received the Outstanding Paper Award at USENIX Security 2022.

Title of the talk

Requirements and Security Challenges for Resource-Constrained IoT End-Devices Baseband Processor

Abstract

Internet of Things (IoT) implementations span all sectors around the world and face an exponential increase in the number of IoT devices. Attacks against these devices represent a significant threat and one of the potential entry points relies on their communication capabilities where many vulnerabilities and attacks exist.

In that context, this presentation deals with baseband processor requirements and challenges for resource-constrained IoT end-devices using low-data-rate Sub-Ghz protocols. Several architectures for baseband processors will be discussed as well as existing attacks. Furthermore, a solution based on a multi-layer (network, execution and hardware) data tracing approach to detect logical attacks such as network availability (e.g., DoS, jamming) and data integrity (i.e., packet injection) in the network and in the baseband processor from the network entry point will also be discussed.

About the speakers

Guy Gogniat is a Full Professor in electrical and computer engineering (ECE) at the Université Bretagne Sud, Lorient, France, where he has been since 1998. He obtained his MSEE degree at the University of Paris Sud, Orsay, France, in 1995, and his PhD in ECE at the University of Nice-Sophia, Antipolis, France, in 1997. In 2005, he spent one year at the University of Massachusetts, Amherst, USA, as an invited researcher, where he worked on embedded system security using Reconfigurable technologies. His work focuses on embedded system security.

Title of the talk

The standards of embedded security

Abstract

With the considerable growth of the IoT market, embedded secure elements are increasingly being deployed in a variety of devices. At the same time, operators expect liability from IoT devices, as the entire system’s security collapses if the devices are compromised. In addition, the market needs a way to ensure a consistent measurement of the security level. Hence the need for standards that define the requirements and certification schemes which assess, through tests and validations, that the requirements are met.

In this course, Sylvain Guilley will introduce the different standards applicable to IoTs (CC, FIPS, OSCCA, Global Platform, EN ETSI 303 645) and make a specific focus on the automotive market, with ISO/SAE 21434:2021 standard. He will detail how these standards can be implemented in integrated Secure Elements (iSE) and explain in particular how to derive the relevant security functionalities. The security target is crucial in this respect, as it is important to design enough security while avoiding over-designing security. Finally, he will explain that, nowadays, device connectivity can be leveraged to effectively manage their security throughout their lifecycle. Such a capability requires both an uplink (the channel through which incidents are reported) and a downlink (the channel through which firmware is updated).

About the speaker

Sylvain Guilley is General Manager and CTO at Secure-IC, a French company offering security for embedded systems. Secure-IC's flagship product is the multi-certified Securyzr integrated Secure Element (iSE). He is also professor at Télécom-Paris and research associate at the École normale supérieure (ENS).

His research interests are trusted computing, cyber-physical security, secure prototyping in FPGA and ASIC, and formal / mathematical methods. Since 2012, he organizes the PROOFS workshop, which brings together researchers whose objective is to increase the trust in the security of embedded systems.

Sylvain Guilley is also lead editor of international standards, such as ISO/IEC 20897 (Physically Unclonable Functions), ISO/IEC 20085 (Calibration of non-invasive testing tools), and ISO/IEC 24485 (White Box Cryptography). He is associate editor of the Springer Journal of Cryptography Engineering (JCEN), has co-authored 250+ research papers and filed 40+ invention patents. He is member of the IACR, senior member of the IEEE and the CryptArchi club, and is an alumnus from the École Polytechnique and Télécom-Paris

Title of the talk

Security Implications of Power Management Mechanisms in Modern Processors: Current Studies and Future Trends

Abstract

Despite the failure of Dennard scaling, the slow-down in Moore’s Law, and the high power density of modern processors, power management mechanisms have enabled significant advances in modern microprocessor performance and energy efficiency. Yet, current power management architectures also pose serious security implications. This is mainly because functionality rather than security has been the main consideration in designing power management mechanisms in commodity microprocessors.

This talk will provide an overview of state-of-the-art power management mechanisms used in modern microprocessors. Based on this background, some of the recent-revealed new power management vulnerabilities in modern processors and their security implications will be presented. Finally, will be discussed practical mitigation mechanisms to protect a system against known vulnerabilities resulting from power management mechanisms.

About the speaker

Dr. Jawad Haj-Yahya received his Ph.D. in Computer Science from Haifa University, Israel. Jawad was a processor architect for many years at Intel. His awards and honors include the Intel Achievement Award (the highest award at Intel) for his significant contribution to Intel processors.

Jawad worked as a Senior Scientist in multiple universities at research centers, including Nanyang Technological University (NTU) Singapore, Institute of Microelectronics (IME) at A*STAR Singapore, ETH Zurich, and Huawei Zurich Research Center. Jawad led multiple research projects, including designing and architecting a RISC-V-based secure processor, an energy-efficient AI accelerator, and multiple power management architectures to improve the energy efficiency of modern client and server processors. Jawad recently joined Rivos inc. as a Principal Architect working on power management.

Title of the talk

Security challenges and opportunities in emerging device technologies

Abstract

While traditional chips in bulk silicon technology are widely used for reliable and highly efficient systems, there are applications that call for devices in other technologies. On the one hand, novel device technologies need to be re-evaluated with respect to potential threats and attacks, and how these can be faced with existing and novel security solutions and methods. On the other hand, emerging device technologies bring opportunities for building the secure systems of the future.

This talk will give an overview of the minimal hardware resources that are needed to build secure systems and discusses the state-of-the-art in the design of these hardware resources in emerging device technologies.

About the speaker

Nele Mentens is a professor at Leiden University in the Netherlands and KU Leuven in Belgium. Her research interests are in the field of configurable computing and hardware security. She was/is the PI in around 25 finished and ongoing research projects with national and international funding.

She serves/served as a program committee member of renowned international conferences on security and hardware design. She was the general co-chair of FPL'17 and she was/is the program chair of FPL'20, CARDIS'20, RAW'21, VLSID'22 and DDECS'23. She is (co-)author in around 150 publications in international journals, conferences and books. She received best paper awards and nominations at CHES'19, AsianHOST'17 and DATE'16. Nele Mentens serves as an associate editor for IEEE TIFS, IEEE CAS Magazine, IEEE S&P, and IEEE TCAD.

Title of the talk

Securing AI: On the Intentional Failures and How to Prevent Them

Abstract

This talk covers various attacks on deep learning and how to prevent them. We start with a general introduction to the security and privacy of deep learning, and afterward, we concentrate on several specific threats. More precisely, we discuss poisoning attacks and model stealing attacks. We also discuss how to defend against such attacks and novel challenges emerging when moving from a centralized to a federated learning setup.

About the speaker

Stjepan Picek is an associate professor at Radboud University, The Netherlands. His research interests are security/cryptography, machine learning, and evolutionary computation. Prior to the associate professor position, he was an assistant professor at TU Delft, and a postdoctoral researcher at MIT, USA and KU Leuven, Belgium. He finished his PhD in 2015 with a topic on cryptology and evolutionary computation techniques.

Stjepan Picek also has several years of experience working in industry and government. Up to now, he has given more than 25 invited talks at conferences and summer schools and published more than 130 referred papers. He was a general co-chair for Eurocrypt 2021, program committee member and reviewer for a number of conferences and journals, and a member of several professional societies.

Title of the talk

Transient execution attacks and defenses

Abstract

Microarchitectural security is one of the most challenging and exciting problems in system security today. With the discovery of transient execution attacks, it has become clear that microarchitectural attacks have significant impact on the security properties of software running on a processor that runs code from various stakeholders (such as, for instance, in the cloud).

During this lecture, Frank Piessens will provide an introduction to transient execution attacks and defenses using formal models for processors.

First, he will introduce a simple formal instructions set architecture (ISA), and show how to model a speculative and out-of-order processor implementing this ISA. Then he will discuss how to model microarchitectural attackers, and, by means of examples, how the powerful class of transient execution attacks is captured by this model.

The lecture will finish with formal statements of security objectives for defenses against these attacks, and to illustrate the usefulness of the introduced models, the design and implementation of one provably secure countermeasure will be discussed.

About the speaker

Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium. His research field is software and systems security. He has worked both on attack techniques, as well as on defenses.

On the defense side, he has contributed to verification techniques for C-like languages, the enforcement of information flow security, countermeasures for memory safety related vulnerabilities, and the design and implementation of embedded security architectures.

On the attack side, he has contributed to the discovery of several transient execution attacks, and to the development of exploitation techniques for memory safety vulnerabilities.

Frank Piessens has served on the program committee of numerous security and software conferences including ACM CCS, Usenix Security, IEEE Security & Privacy, and ACM POPL. He acted as program chair for the International Conference on Principles of Security and Trust (POST 2016), for the IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019), and for the IEEE Secure Development Conference (SecDev 2021 & 2022).

Title of the talk

From Random Observations to Automated Leakage Discovery

Abstract

Microarchitectural security is still a relatively young research area. There are still many discoveries to be made, even for beginners in the field. Simple experiments with seemingly random, weird observations later turn out to be side channels or even processor vulnerabilities. However, even for domain experts, designing experiments to discover new side-channel leakage can be a tedious and time-consuming process that also requires a non-negligible amount of luck.

This talk will show how automation can help in this discovery process. It will cover recent advances in tooling and automation for microarchitectural leakage discovery, drawing parallels to the field of software testing. Although automation is still in an early stage when compared to software testing, it will show that the current approaches can already discover previously unknown side channels and transient-execution attacks.

Title of the hands-on session

Turning Timing Differences into Data Leakage

Abstract

In 2018, a new field of microarchitectural emerged with the publication of Meltdown and Spectre: Transient execution attacks. In contrast to traditional side-channel attacks, which leak metadata, transient execution attacks directly leak sensitive data. Such transient executions result from control- and data-flow mispredictions, as well as out-of-order execution after exceptions.

This 3-hour training will start with simple timing measurements and finally leak data via a transient-execution attack. It will start with the basics of measuring cache effects, an essential building block of transient execution attacks. Together with the speaker will be developped a Flush+Reload covert channel used as the encoding part in the transient-execution attack. Using this encoding will be implemented a Spectre attack to leak data from an application containing secrets.

About the speaker

Michael Schwarz is Faculty at the CISPA Helmholtz Center for Information Security in Saarbruecken, Germany, with a focus on microarchitectural side-channel attacks and system security. He obtained his PhD with the title "Software-based Side-Channel Attacks and Defenses in Restricted Environments" in 2019 from Graz University of Technology. He holds two master's degrees, one in computer science and one in software engineering with a strong focus on security.

He is a regular speaker at both academic and hacker conferences (10 times Black Hat, CCC, Blue Hat, etc.). He was part of one of the research teams that found the Meltdown, Spectre, Fallout, ZombieLoad, LVI, and PLATYPUS vulnerabilities. He was also part of the KAISER patch, the basis for Meltdown countermeasures now deployed in every modern operating system under names such as KPTI or KVA Shadow.

Title of the hands-on session

How to quickly deploy a SoC on FPGA to evaluate security solutions for communicating embedded systems?

Abstract

The evaluation of security countermeasures is essential. Experimentation on real use cases and reproducibility are also important. In the field of embedded systems security we often face a technological barrier and we have to master a multitude of software and hardware tools. Moreover, our contributions often target a specific point and therefore we are not necessarily experts of all the components of a system on chip (SoC). The technical task then usually takes a lot of time when creating an experimental test bench.

This practical work proposes to discover some tools allowing to deploy a SoC (with associated software) and to evaluate it on FPGA board for a use case of security of communicating embedded systems.

About the speaker

Philippe Tanguy is Associate professor at the Université de Bretagne Sud (UBS), in the UFR SSI. He is the study director of the Master of Cybersecurity of Embedded Systems (CSSE) at UBS. He performs his research activities at Lab-STICC in the ARCAD team. He has a PhD in Electronics and digital communication at IETR. Currently, his research activities are dedicated to IoT system with a focus on the Cyber Security issues.

Title of the talk

The Gates of Time: Improving Cache Attacks with Transient Execution

Abstract

More info coming soon.

Title of the tutorial

A Primer on Cache Attacks

Abstract

More info coming soon.

About the speaker

Yuval Yarom is an Associate Professor at the School of Computer Science at the University of Adelaide. He earned his Ph.D. in Computer Science from the University of Adelaide in 2014, and an M.Sc. in Computer Science and a B.Sc. in Mathematics and Computer Science from the Hebrew University of Jerusalem in 1993 and 1990, respectively. In between, he has been the Vice President of Research in Memco Software and a co-founder and Chief Technology Officer of Girafa.com.

Yuval Yarom's research explores the security of the interface between the software and the hardware. In particular, He is interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. He works on identifying micro-architectural vulnerabilities, and on exploitation and mitigation techniques.

"Security Implications of Power Management Mechanisms in Modern Processors: Current Studies and Future Trends"

"Transient execution attacks and defenses"

"Trustworthy Machine Learning...for Systems Security" - Part 1

"Trustworthy Machine Learning...for Systems Security" - Part 2

"From Random Observations to Automated Leakage Discovery"

"Turning Timing Differences into Data Leakage" (hands-on session) 

"Requirements and Security Challenges for Resource-Constrained IoT End-Devices Baseband Processor"

"How to quickly deploy a SoC on FPGA to evaluate security solutions for communicating embedded systems ?"

Hands-on session

"The Gates of Time: Improving Cache Attacks with Transient Execution"

"The standards of embedded security"

"AI and Side-channel analysis: Lessons learned so far"

"Securing AI: On the Intentional Failures and How to Prevent Them"

"Security challenges and opportunities in emerging device technologies"

• Binary code analysis for security in the BINSEC team, Michaël Marcozzi
  • Université Paris-Saclay, CEA, List
• Cross-Layer Fault Analysis for Microprocessor Architectures, Ihab ALSHAER¹², Brice COLOMBIER²³, Christophe DELEUZE¹, Vincent BEROULLE¹ , Paolo MAISTRI²
  • ¹ Univ. Grenoble Alpes, Grenoble INP, LCIS, Valence 26000, France,
  • ² Univ. Grenoble Alpes, CNRS, Grenoble INP, TIMA, Grenoble 38000, France,
  • ³ Univ. Lyon, UJM-Saint-Etienne, CNRS Laboratoire Hubert Curien UMR 5516, Saint-Etienne, France
• Hardware-based security analysis, optimised solutions for attack detection, Lucas Georget, Vincent Migliore, Youssef Laarouchi, Vincent Nicomette
  • EDF R&D / LAAS-CNRS
• Hardware/Software co-design of a RISC-V processor and its compiler toolchain to ensure constant-time execution, Nicolas Gaudin¹, Jean-Loup Hatchikian-Houdot², Frédéric Besson², Pascal Cotret¹, Guy Gogniat¹, Guillaume Hiet³, Vianney Lapôtre¹ and Pierre Wilke³
  • ¹ Lab-STICC, Université de Bretagne Sud, Lorient, France / ENSTA Bretagne, Brest, France
  • ² EPICURE / IRISA / INRIA, Rennes, France
  • ³ CIDRE / IRISA / INRIA, CentraleSupélec, Cesson-Sévigné, France
• Indirect Eviction [IE] Cache Counteracting Eviction Based Cache Side Channel Attacks Through Indirect Eviction, M. Asim Mukhtar, Khurram Bhatti, Guy Gogniat
  • Information Technology University (ITU), Lahore, Pakistan; University of South Brittany (UBS), Lorient, France
• PHYLOG 2: Certifiability of hybrid architectures wrt cyber-security, safety and real-time, Kevin Delmas and Julien Brunel
  • ONERA
• Protection of a processor with DIFT against physical attacks, William PENSEC. Supervisors : Vianney LAPÔTRE and Guy GOGNIAT
  • Lab-STICC, Université Bretagne Sud, Lorient
• To overfit or not to overfit, improving the performance of deep learning-based side-channel analysis, Azade Rezaeezade
  • Delft University of Technology, The Netherlands