ECE Seminar: Flavien Solt

ECE Seminar: Flavien Solt

Title: Software-Inspired Techniques for Digital Hardware Security

Abstract: We entered an era where new hardware flourishes at an unprecedented pace and with unseen diversity. We are also living in an era where security and safety are paramount, and where the potential impact of a single bug can be catastrophic. Hence, we urgently need foundations to detect as many hardware bugs as possible before their deployment. Hardware validation is universally recognized as complex, expensive and tedious. Despite genuine best efforts, the last decade has shown that the industry is incapable of producing non-trivial bug- free hardware. What will then happen with the rise of open-source hardware? Without effective and easy-to-adopt solutions for validation, it is hard to believe that the open-source hardware community will be able to produce safe and secure hardware, despite its best intentions.

Interestingly, the exact same situation occurred in the software world some decades ago. Software was plagued with myriads of bugs and security issues, after which the software community developed a formidable set of tools and methodologies to detect bugs and security issues. Could we adapt some of these tools and methodologies to hardware?

To answer this question, we first observe many CPU errata, deduce the most promising techniques from software security, and adapt them. To understand contemporary CPU bugs, we build the RemembERR database based on thousands of errata. We deduce two techniques inspired by software security that are particularly promising for hardware: dynamic information flow tracking and fuzzing. We introduce CellIFT, a hardware dynamic information flow tracking mechanism that scales to the extent of complex CPUs and SoCs. Based on CellIFT, we introduce μCFI, a generic IFT-based policy capable of finding new CPU bugs and microarchitectural timing channels. Independently of IFT, we show with Cascade that a black-box CPU fuzzer can find dozens of new bugs and outperform other fuzzers’ coverage. We finally demonstrate MiRTL, a new class of hardware attacks that relies on EDA software bugs, and propose TransFuzz, a fuzzer that produces complex hardware descriptions to find such bugs in popular open-source EDA software. All these contributions demonstrate that when properly adapted, software security techniques can provide effective and easy-to-adopt solutions that will empower safer and more secure hardware.

Bio: Flavien is a postdoc in the Department of Information Technology and Electrical Engineering at ETH Zurich with Prof. Razavi and will soon join Christopher Fletcher's group as a postdoc at UC Berkeley. His research revolves around digital hardware security and has led to publications in security and computer architecture venues (USENIX Security, S&P, MICRO, ISCA, CCS, etc.).