CS 598CLF: Secure Processor Design, Fall 2017

Instructor Chris Fletcher cwfletch@illinois.edu
Location Siebel 1103 1105
Lecture Times
Tuesday and Thursday, 12:30pm - 1:45pm
Office Siebel 4106
Office Hours
Wednesdays 2pm-3pm or by appointment

With the emergence of systems such as ARM Trustzone and Intel Software Guard Extensions, secure processors have become one of the next frontiers in secure systems design. Secure processors allow emerging applications (e.g., computation outsourcing) to be realized with a significantly smaller trusted computing base and/or significantly reduced performance overheads, relative to a "pure software" solution.

This course will bring students to the cutting-edge in secure processor architecture by examining the interplay between hardware, software and applied cryptography in these systems. The first several classes will feature lectures from the instructor: to give background on secure hardware systems from the standpoints of Computer Architecture and Applied Cryptography. The body of the course will be readings and discussion of top papers in the field. Course assignments will give students hands-on experience with the Intel Software Guard Extensions (SGX) SDK, building secure applications and evaluating their security. The end of semester will culminate in an original research project.

This class is primarily intended for students who would like to conduct secure systems research where hardware plays a first-class role. It will also appeal to students with a casual interest in this hot topic, or who want to do research in computer security generally.

Syllabus [pdf]

The information in the syllabus and on this course website is subject to change. Major changes will be recorded in the announcements below (please check frequently).



Discussion papers count towards participation grade and will be the main topic each day. Other papers ("Additional reads") are recommended reading to get a more comprehensive picture for the day's topic.

Week 1
Introduction/backgroundDiscussion lead
Aug 29 Lecture: Course introduction, syllabus, introduction to Secure Processors [Slides] Additional reads:
- On the Impossibility of Cryptography Alone for Privacy-Preserving Cloud Computing. Name says it all; also discussion of limitations in hardware.
Aug 31 Lecture: Refresher: Computer Architecture [Slides] Additional reads:
- Intel SGX explained. Pages: 2-31, 42-50
Week 2
Sept 5 Lecture: Refresher: Applied Crypto for Secure Processors [Slides] Additional reads:
- Intel SGX explained. Pages: 31-42
Intel SGX and Enclave Programming
Sept 7 Lecture: SGX Deep Dive [Slides] ***See also, Kamran's video recording of this lecture.***
Additional reads:
- Intel SGX explained. Pages: 50-118
- Innovative instructions and software model for isolated execution. First paper describing SGX.
- Using innovative instructions to create trustworthy software solutions. First paper discussing SGX usage.
- Intel Software Guard Extensions (Intel SGX) Support for Dynamic Memory Management Inside an Enclave. First paper on SGX 2.0.
Week 3
Sept 12 Enclave programming [Slides] Discussion paper:
- Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data.

Additional reads:
- Shielding Applications from an Untrusted Cloud with Haven. LibOS (heavyweight) granularity enclaves.
- SCONE: Secure Linux Containers with Intel SGX. Container (featherweight) granularity enclaves.
- PANOPLY: Low-TCB Linux Applications with SGX Enclaves. POSIX-API (leightweight) granularity enclaves.
- Glamdring: Automatic Application Partitioning for Intel SGX. Automatic application partitioning to enclaves.
John Alsop
Sept 14 Enclave foundations [Slides] Discussion paper:
- A Formal Foundation for Secure Remote Execution of Enclaves.

Additional reads:
- Foundations of Hardware-Based Attested Computation and Application to SGX. Name says it all; focus is not on machine checkable proofs.
Riccardo Paccagnella
Week 4
Sept 19 Virtual memory attacks [Slides] ***Hardware covert channel/SGX lab out. Lab document, starter code.***
Discussion paper:
- Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX.

Additional reads:
- Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. Nascent memory side-channels on SGX.
Vincent Bindschaedler
Shared Resource Attacks and Defenses
Sept 21 Shared resource attacks ***Paul and Elizabeth will present DRAMA and Cache storage channels back to back, then we will discuss both. Please read/summarize both for the class..***
Discussion paper:
- Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures.
- DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. Like a cache timing attack, but on DRAM.

Additional reads:
- FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack. A more gentle introduction to cache timing attacks.
Paul Murley, Elizabeth Reed
Week 5
Sept 26 Application-level attacks from shared resource attacks Discussion paper:
- Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches.

Additional reads:
- The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications. Launch a cache timing attack on any machine, from the browser.
Azin Heidarshenas
Sept 28 Co-location in a cloud environment ***Serif Yesil will present Cross-Tenant... in the second half of lecture.***
Discussion paper:
- Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds.
- Cross-Tenant Side-Channel Attacks in PaaS Clouds. Two for one: more information on co-location; a new model for launching application-level attacks (not histogram based).

Bingzhe Liu, Serif Yesil
Week 6
Oct 3 Hardware mitigations to shared resource attacks Discussion paper:
- Secure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Atacks.

Additional reads:
- New cache designs for thwarting software cache-based side channel attacks. The first HW-based proposals for defeating cache-based timing attacks.
Mengjia Yan
Oct 5 Software mitigations to shared resource attacks ***Jake Bailey will present Raccoon... in the second half of lecture.***
Discussion paper:
- Oblivious Multi-Party Machine Learning on Trusted Processors.
- Raccoon: Closing Digital Side-Channels through Obfuscated Execution. Scaling instruction-level obliviousness to handle program memory (also on commodity machines).

Abdulrahman Mahmoud, Jake Bailey
Week 7
Oct 10 Language support to prevent shared resource attacks Discussion paper:
- Caisson: A Hardware Description Language for Secure Information Flow.

Additional reads:
- A Hardware Design Language for Timing-Sensitive Information-Flow Security. SecVerilog: language enhancements for timing attack-awareness in Verilog HDL.
Giordano Salvador
Oct 12 Class TBD - Chris out at MICRO TBA
Week 8
Oct 17 Class TBD - Chris out at MICRO ***Final project proposals due.***
Oct 19 Guest Lecture: Frank McKeen, Intel
(inventor and lead architect of Intel SGX)
Week 9
Bootstrapping trust
Oct 24 Authentication ***Lab due.***
Discussion paper:
- Silicon physical random functions.

Additional reads:
- Enhanced privacy id from bilinear pairing. Design of Intel SGX's EPID authentication scheme.
Jose Rodrigo Sanchez
Oct 26 Sources of randomness Discussion paper:
- Power-up SRAM State as an Identifying Fingerprint and Source of True Random Numbers.

Additional reads:
- FPGA-based True Random Number Generation using Circuit Metastability with Adaptive Feedback Control. Name says it all; how to extract randomness from low-level circuit behaviors.
Sze Chuen Tan
Week 10
Isolation Potpourri
Oct 31 Application-level isolation ala TXT Discussion paper:
- Flicker: An Execution Infrastructure for TCB Minimization.

Tianyuan Liu
Nov 2 Pre/post-cursors to SGX ***Adel will present Sanctum in the second half of lecture.***
Discussion paper:
- Scalable architectural support for trusted software.
- Sanctum: Minimal Hardware Extensions for Strong Software Isolation.

Additional reads:
- SurfNoC: A Low Latency and Provably Non-Interfering Approach to Secure Networks-On-Chip. Simple and effective throughout optimizations for NoC non-interference (in some sense finer-grain than Sanctum).
Dimitrios Skarlatos, Adel Ejjeh
Week 11
Memory Attacks and Defenses (of the code injection variety)
Nov 7 Memory corruption overview Discussion paper:
- SoK: Eternal War in memory.

Additional reads:
- If you liked the SoK, see its many related papers on CFI, DFI, etc.
Wajih Hassan
Nov 9 Lightweight hardware protections Discussion paper:
- HDFI: Hardware-Assisted Data-Flow Isolation.

Ben Schreiber
Week 12
Nov 14 Heavierweight hardware protections Discussion paper:
- Watchdog: Hardware for Safe and Secure Manual Memory Management and Full Memory Safety.

Additional reads:
- Architectural Support for Software-Defined Metadata Processing. More flexible (but heavier weight) take on in-HW instruction-level checking than Watchdog.
- Beyond the PDP-11: Architectural support for a memory-safe C abstract machine. CHERI project's (clean slate design) take on supporting memory safety in C.
Hadi Asghari-Moghaddam
Nov 16 Project checkpoint - in class presentations
Week 13
Nov 21 No class - thanksgiving
Nov 23 No class - thanksgiving
Week 14
Physical Attacks and Defenses
Nov 28 Differential X analysis ***Omri Mor will present Beyond the PDP-11... in the second half of lecture.***
Discussion paper:
- Differential Power Analysis.

Additional reads:
- Differential Fault Analysis of Secret Key Cryptosystems. Companion classic paper; based on fault injection.
Hyun Bin, Omri Mor
Nov 30 Hardware trojans Discussion paper:
- A2: Analog Malicious Hardware.

Additional reads:
- Hardware Trojan Attacks: Threat Analysis and Countermeasures. Survey for hardware trojans.
- Verifiable ASICs. Assume HW is untrustworthy, ala verified outsourced computation.
Adam Auten
Week 15
Dec 5 Attacks on DRAM ***Thomas Yurek will present Lest we forget... in the second half of lecture.***
Discussion paper:
- Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript.
- Lest We Remember: Cold Boot Attacks on Encryption Keys. A modern look at cold boot attacks.

Apostolos Kokolis, Thomas Yurek
Dec 7 External memory protection Discussion paper:
- Design and Implementation of the Ascend Secure Processor.

Additional reads:
- A Memory Encryption Engine Suitable for General Purpose Processors. Design of Intel SGX's memory encryption engine (MEE).
- CaSE: Cache-Assisted Secure Execution on ARM Processors. How to build an MEE in software on ARM processors.
Kartik Hegde
Week 16
Dec 12 On-chip memory protection Discussion paper:
- Inspection Resistant Memory: Architectural Support for Security from Physical Examination.

Jiyong Yu
Dec 14 (READING DAY, NO CLASS) ***Final project due (11:59p).***
December 13, 7-9p: Final project presentations. Location TBA.

Texts, books, resources


Grading (4 credits):

Academic Integrity

https://www.ece.illinois.edu/academics/grad/overview/general-info.asp "The faculty of the Department of Electrical and Computer Engineering expects all students to maintain academic integrity at all times in the classroom and the research laboratory and to conduct their academic work in accordance with the highest ethical standards of the engineering profession. Students are expected to maintain academic integrity by refraining from academic dishonesty, and by refraining from conduct which aids others in academic dishonesty or which leads to suspicion of academic dishonesty. Violations of academic integrity will result in disciplinary actions ranging from failing grades on assignments and courses to probation, suspension or dismissal from the University."

Ethics statement

This is a course in computer security, and as such we will discuss several "attack" techniques that, if applied in the real world, could be used to compromise the security of others. This course also involves hands-on interaction with peer-to-peer computer networks and virtual currency systems, to which numerous laws and regulations are applicable. It is your responsibility not to run afoul of laws, regulations, or ethical standards. If in doubt please contact me (the instructor).
The above information is subject to change.