Burak Erbagci, Fangfei Liu, Cagla Cakir, Nail Etkin Can Akkaya, Ruby B. Lee, and Ken Mai. 2015. A 32kB Secure Cache Memory with Dynamic Replacement Mapping in 65nm bulk CMOS. IEEE Asian Solid-State Circuits Conference (A-SSCC), Xiamen, China, November 2015.

Jakub Szefer. 2013. Architectures for Secure Cloud Computing Servers. PhD Thesis, Electrical Engineering Department, Princeton University, Princeton, NJ.

Pramod Jamkhedkar, Jakub Szefer, Diego Perez-Botero, Tianwei Zhang, Gina Triolo, Ruby B. Lee. 2013. A Framework for Realizing Security on Demand in Cloud Computing. IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Bristol, UK, December 2013.

Jakub Szefer, Ruby B. Lee. 2012. Architectural Support for Hypervisor-Secure Virtualization. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 3–7, 2012.

Abstract: Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual machines (VMs). Continuing releases of bug reports and exploits in the virtualization software show that defending the hypervisor against attacks is very difficult. In this work, we present hypervisor-secure virtualization – a new research direction with the goal of protecting the guest VMs from an untrusted hypervisor. We also present the HyperWall architecture which achieves hypervisor-secure virtualization, using hardware to provide the protections. HyperWall allows a hypervisor to freely manage the memory, processor cores and other resources of a platform. Yet once VMs are created, our new Confidentiality and Integrity Protection (CIP) tables protect the memory of the guest VMs from accesses by the hypervisor or by DMA, depending on the customer's specification. If a hypervisor does become compromised, e.g. by an attack from a malicious VM, it cannot be used in turn to attack other VMs. The protections are enabled through minimal modifications to the microprocessor and memory management units. Whereas much of the previous work concentrates on protecting the hypervisor from attacks by guest VMs, we tackle the problem of protecting the guest VMs from the hypervisor.

Yu-Yuan Chen, Pramod A. Jamkhedkar, Ruby B. Lee. 2012. A Software-Hardware Architecture for Self-Protecting Data. 19th ACM Conference on Computer and Communications Security, Raleigh, NC, USA, October 16-18. Keywords: information flow tracking, self-protecting data, architecture.

Abstract: We propose a software-hardware architecture, DataSafe, that realizes the concept of self-protecting data: data that is protected by a given policy whenever it is accessed by any application – including unvetted third-party applications. Our architecture provides dynamic instantiations of secure data compartments (SDCs), with hardware monitoring of the information flows from the compartment using hardware policy tags associated with the data at runtime. Unbypassable hardware output control prevents confidential information from being leaked out. Unlike previous hardware information flow tracking systems, the DataSafe software architecture bridges the semantic gap by supporting flexible, high-level software policies for the data, seamlessly translating these policies to efficient hardware tags at runtime. Applications need not be modified to interface to these software-hardware mechanisms. The DataSafe architecture is designed to prevent illegitimate secondary dissemination of protected plaintext data by authorized recipients, to track and protect data derived from sensitive data, and to provide lifetime enforcement of the confidentiality policies associated with the sensitive data.
Yu-Yuan Chen. 2012. Architecture for Data-Centric Security. PhD Thesis, Electrical Engineering Department, Princeton University, Princeton, NJ. 130 pages.

Abstract: In today's computing environment, we use various applications on our various computing devices to process our data. However, we can only implicitly trust that the applications do not do anything harmful or violate our desired confidentiality policy for the data, especially when those applications are run on today's feature-rich and monolithic commodity operating systems. In this thesis, we present two approaches – with and without modifying the applications – that aim to provide data confidentiality protection after the data is given to an authorized recipient – a problem which we refer to as illegal secondary dissemination. We also aim for the protection of the data throughout its lifetime. The first approach follows the school of thought of providing a secure execution compartment for the security-critical part of an application. We propose to use the hardware to directly protect a trusted component of an application, which in turn controls access to the protected data, on top of an untrusted operating system. We devise a methodology for trust-partitioning an existing application into the trusted component, leaving the rest of the application untrusted. The trusted component can be used to implement the desired confidentiality policy for our sensitive data and guarantee that the policy is enforced for the lifetime of the data. We demonstrate this first approach by showing how the difficult-to-achieve originator-controlled (ORCON) access control policy can be enforced with the real-world vi editor. Our first approach essentially ties the protected data with the trusted part of the application that is protected by the hardware. However, this results in the inconvenience of having to use only a particular application to access the protected data, limiting the portability and availability of the data. Therefore, my second approach removes the applications from the trust chain and provides an application-independent secure data compartment that tracks and protects the data in the hardware, no matter which untrusted application or authorized recipient is given access to the data. We use the flexibility of software to interpret and translate high-level policies to low-level semantics that the hardware understands, and we use the hardware to persistently track the usage of the sensitive data and to control the output of the sensitive data from the machine. We have prototyped the architecture on the OpenSPARC processor platform and show how unmodified third-party applications can be run while various data-specific high-level policies can be enforced on the sensitive data. My second approach leverages a technique called Dynamic Information Flow Tracking (DIFT), which has been shown to be a powerful technique for computer security, covering both integrity and confidentiality applications. However, the false positives and false negatives of DIFT techniques have hindered its practical adoption and usability. We take a deeper look at the practicality and usability issues of DIFT and explore various techniques to address the false positives and false negatives arising from the undecidability of conditional branches, which is a type of implicit information flow that is particularly hard to solve dynamically. We propose various micro-architectural and hybrid software-hardware solutions using only the application binaries and show how the combination of these solutions helps build a practical and usable DIFT system.

Jakub Szefer, Ruby B. Lee. 2011. A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing. In Proceedings of the Second International Workshop on Security and Privacy in Cloud Computing (SPCC), June 20-24, 2011.

Abstract: Cloud computing, enabled by virtualization technologies, is becoming a mainstream computing model. Many companies are starting to utilize the infrastructure-as-a-service (IaaS) cloud computing model, leasing guest virtual machines (VMs) from the infrastructure providers for economic reasons: to reduce their operating costs and to increase the flexibility of their own infrastructures. Yet, many companies may be hesitant to move to cloud computing due to security concerns. An integral part of any virtualization technology is the all-powerful hypervisor. A hypervisor is a system management software layer which can access all resources of the platform. Much research has been done on using hypervisors to monitor guest VMs for malicious code and on hardening hypervisors to make them more secure. There is, however, another threat which has not been addressed by researchers – that of compromised or malicious hypervisors that can extract sensitive or confidential data from guest VMs. Consequently, we propose that a new research direction needs to be undertaken to tackle this threat. We further propose that new hardware mechanisms in the multicore microprocessors are a viable way of providing protections for the guest VMs from the hypervisor, while still allowing the hypervisor to flexibly manage the resources of the physical platform.

Christopher C. Lamb, Pramod A. Jamkhedkar, Matthew Bonsack, Vishwanath Nandina, Gregory L. Heileman. 2011. A Domain Specific Language for Usage Management. In Proceedings of the Eleventh ACM Workshop on Digital Rights Management, October 21, 2011.

Fangfei Liu, Ashutosh Dutta, Ruby B. Lee. 2011. Adaptive and Dynamic Network Provisioning with Network Forensics Devices. Princeton University Department of Electrical Engineering Technical Report CE-L2011-005, Sept. 15, 2011.

Jeffrey S. Dwoskin, Mahadevan Gomathisankaran, Yu-Yuan Chen, Ruby B. Lee. 2010. A Framework for Testing Hardware-Software Security Architectures. Annual Computer Security Applications Conference, Austin, Texas, USA, December 6, 2010.

Abstract: New security architectures are difficult to prototype and test at the design stage. Fine-grained monitoring of the interactions between hardware, the operating system, and applications is required. We have designed and prototyped a testing framework, using virtualization, that can emulate the behavior of new hardware mechanisms in the virtual CPU and can perform a wide range of hardware and software attacks on the system under test. Our testing framework provides APIs for monitoring hardware and software events in the system under test, launching attacks, and observing their effects. We demonstrate its use by testing the security properties of the Secret Protection (SP) architecture using a suite of attacks. We show two important lessons learned from the testing of the SP architecture that affect the design and implementation of the architecture. Our framework enables extensive testing of hardware-software security architectures, in a realistic and flexible environment, with good performance provided by virtualization.

Yedidya Hilewitz, Ruby B. Lee. 2009. A New Basis for Shifters in General-Purpose Processors for Existing and Advanced Bit Manipulations. IEEE Transactions on Computers 58(8), August 2009. Available online since November 2008.

Abstract: This paper describes a new basis for the implementation of the shifter functional unit in microprocessors that can implement new advanced bit manipulations as well as standard shifter operations. Our design is based on the inverse butterfly and butterfly datapath circuits, rather than the barrel shifter or log-shifter designs currently used. We show how this new shifter can implement the standard shift and rotate operations, as well as more advanced extract, deposit and mix operations found in some processors. Furthermore, it can perform important new classes of even more advanced bit manipulation instructions like arbitrary bit permutations, bit gather (or parallel extract) and bit scatter (or parallel deposit) instructions. Thus, our new functional unit performs the functionality of three functional units: the basic shifter, the multimedia-mix unit and the advanced bit manipulation functional unit, while having a latency only slightly longer than that of the log-shifter.

Eric Keller, Ruby B. Lee, Jennifer Rexford. 2009. Accountability in Hosted Virtual Networks. VISA 2009, ACM SIGCOMM workshop, Barcelona, Spain, August 2009.

Jeffrey Dwoskin, Mahadevan Gomathisankaran, Ruby B. Lee. 2009. A Framework for Testing Hardware-Software Security Architectures. Princeton University Department of Electrical Engineering Technical Report CE-L2009-001, February 2009, updated June 2009. http://palms.ee.princeton.edu/PALMSopen/Dwoskin200906_TestingFramework.pdf

Yedidya Hilewitz, Yiqun Lisa Yin, Ruby B. Lee. 2008. Accelerating the Whirlpool Hash Function Using Parallel Table Lookup and Fast Cyclical Permutation. Proceedings of the 15th Fast Software Encryption Workshop (FSE), Lausanne, Switzerland, February 2008.

Abstract: Hash functions are an important building block in almost all security applications. In the past few years, there have been major advances in the cryptanalysis of hash functions, especially the MDx family, and it has become important to select new hash functions for next-generation security applications. One of the potential candidates is Whirlpool, an AES-based hash function. Whirlpool adopts a very different design approach from MDx, and hence it has withstood all the latest attacks. However, its slow software performance has made it less attractive for practical use. In this paper, we present a new software implementation of Whirlpool that is significantly faster than previous ones. Our optimization leverages new ISA extensions, in particular Parallel Table Lookup (PTLU), which has previously been proposed to accelerate block ciphers like AES and DES, multimedia and other applications. We also show a novel cyclical permutation algorithm that can concurrently convert rows of a matrix to diagonals. We obtain a speedup of 8.8x and 13.9x over a basic RISC architecture using 64-bit and 128-bit PTLU modules, respectively. This is equivalent to rates of 11.4 and 7.2 cycles/byte, respectively, which makes our Whirlpool implementation faster than the fastest published rate of 12 cycles/byte for SHA-2 in software.

Yedidya Hilewitz. 2008. Advanced Bit Manipulation Instructions: Architecture, Implementation and Applications. Department of Electrical Engineering, Princeton University.

Abstract: Advanced bit manipulation operations are not efficiently supported by commodity word-oriented microprocessors. Programming tricks are typically devised to shorten the long sequence of instructions needed to emulate these complicated operations. As these bit manipulation operations are relevant to applications that are becoming increasingly important, we propose direct support for them in microprocessors. In particular, we propose fast bit gather (or parallel extract), bit scatter (or parallel deposit) and bit matrix multiply instructions, building on previous work which focused solely on instructions for accelerating general bit permutations.

We show that the bit gather and bit scatter instructions can be implemented efficiently using the fast butterfly and inverse butterfly network datapaths. We define static, dynamic and loop-invariant versions of the instructions, with static versions utilizing a much simpler functional unit than dynamic or loop-invariant versions. We show how a hardware decoder can be implemented for the dynamic and loop-invariant versions to generate, dynamically, the control signals for the butterfly and inverse butterfly datapaths. We propose a new advanced bit manipulation functional unit to support bit gather, bit scatter and bit permutation instructions and then show how this functional unit can be extended to subsume the functionality of the standard shifter unit. This new unit represents an evolution in the design of shifters.

We also consider the bit matrix multiply instruction. This instruction multiplies two n x n bit matrices and can be used to accelerate parity computation and is a powerful bit manipulation primitive. Bit matrix multiply is currently only supported by supercomputers and we investigate simpler bmm primitive instructions suitable for implementation in a commodity processor. We consider smaller units that perform submatrix multiplication and the use of the Parallel Table Lookup module to speed up bmm.

Additionally, we perform an analysis of a variety of different application kernels taken from domains including binary compression, image manipulation, communications, random number generation, bioinformatics, integer compression and cryptology. We show that usage of our proposed instructions yields significant speedups over a basic RISC architecture: parallel extract and parallel deposit speed up applications 2.4x on average, while applications that benefit from bmm instructions are accelerated up to 4.0x on average for the various bmm solutions.

Zhenghong Wang, Ruby B. Lee. 2008. A Novel Cache Architecture with Enhanced Performance and Security. Proceedings of the 41st Annual IEEE/ACM International Symposium on Microarchitecture (Micro-41), 88-93, December 2008.

Cynthia E. Irvine, Timothy E. Levin, Paul C. Clark, Thuy D. Nguyen. 2008. A security architecture for transient trust. Proceedings of the 2nd ACM workshop on Computer security architectures, Alexandria, Virginia, 1-8, October 31.

Abstract: In extraordinary situations, certain individuals may require access to information for which they are not normally authorized. For example, to facilitate rescue of people trapped inside of a burning building, firefighters may need its detailed floor plan - information that may not typically be accessible to emergency responders. Thus, it is necessary to provide transient trust so that such sensitive information is available to selected individuals only during the emergency. The architecture presented here is designed to support transient trust. It encompasses pre-positioned, updateable domains for use exclusively during emergencies along with a set of "normal" domains with different sensitivity levels. Allocated to partitions, these domains are entered via a high integrity trusted path service located in a separate trusted partition. Interaction among subjects in different partitions is controlled by a high assurance separation kernel, and efficient use of devices is achieved through the application of a three-part device model. The resulting architecture enforces mandatory security policies, yet ensures secure and revocable access to a class of information during declared emergencies.

Zhijie Jerry Shi, Xiao Yang, Ruby B. Lee. 2008. Alternative application-specific processor architectures for fast arbitrary bit permutations. International Journal of Embedded Systems 3(4), 219-228.

Zhenghong Wang, Ruby B. Lee. 2007. A Secure yet High Performance Cache Architecture. Princeton University Department of Electrical Engineering Technical Report CE-L2007-012, November 2007.

Yedidya Hilewitz, Ruby B. Lee. 2007. A New Basis for Shifters in General-Purpose Processors for Existing and Advanced Bit Manipulations. Princeton University Department of Electrical Engineering Technical Report CE-L2007-004, July 2007.

Yedidya Hilewitz, Ruby B. Lee. 2007. Accelerating the Whirlpool Hash Function using On-Chip Lookup Tables. Princeton University Department of Electrical Engineering Technical Report CE-L2007-001, February 2007.

Yedidya Hilewitz, Ruby B. Lee. 2007. Achieving Very Fast Bit Matrix Multiplication in Commodity Microprocessors. Princeton University Department of Electrical Engineering Technical Report CE-L2007-006, August 2007.

Nachiketh Potlapally, Anand Raghunathan, Srivaths Ravi, Niraj Jha, Ruby B. Lee. 2007. Aiding Side-channel Attacks on Cryptographic Software with Satisfiability-based Analysis. IEEE Transactions on VLSI 15(4), 465-470, April 2007.

Michael Wang, Ruby B. Lee. 2007. Architecture for a Non-Copyable Disk (NCdisk) Using a Secret-Protection (SP) SoC Solution. Signals, Systems and Computers, 2007. ACSSC 2007. Conference Record of the Forty-First Asilomar Conference on, Pacific Grove, CA, USA, 1999-2003, 11/04/2007. Keywords: copyright, data privacy, system-on-chip. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4487587

Abstract: Piracy of copyrighted digital contents, such as movies and music, is rampant in cyberspace. A piece of digital material may be repeatedly copied and proliferated throughout the Internet with ease. We examined both software and hardware vulnerabilities in existing digital copy-protection methods. As a result, we propose a non-copyable disk (NCdisk) that makes it significantly harder for digital contents to be copied. Any digital content written onto the NCdisk can only be read through a predefined set of outputs of the NCdisk, and the original plaintext digital form may never be read out of the NCdisk. We add a minimal set of components based on the secret-protection (SP) architecture to the existing disk's SoC chipset to attribute the disk with the non-copyable property. We further present the security protocol to be used along with the NCdisk to provide a copy-protected digital movie download scenario.

Michael Neve, Jean-Pierre Seifert, Zhenghong Wang. 2006. A refined look at Bernstein's AES side-channel analysis. Fast abstract in the Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security (ASIACCS 2006), Taipei, Taiwan, ACM, 369, March 2006. Keywords: AES, cache-state analysis, computer security, information leakage, s-box tables, side-channel analysis, timing analysis. http://palms.ee.princeton.edu/PALMSopen/neve06refined.pdf

Nachiketh Potlapally, Srivaths Ravi, Anand Raghunathan, Niraj Jha. 2006. A Study of the Energy Consumption Characteristics of Cryptographic Algorithms and Security Protocols. IEEE Transactions on Mobile Computing 5(2), 128-143, February 2006. http://palms.ee.princeton.edu/PALMSopen/potlapally06study.pdf

John Patrick McGregor, Yiqun Lisa Yin, Ruby B. Lee. 2005. A Traitor Tracing Scheme Based on RSA for Fast Decryption. Proceedings of the International Conference on Applied Cryptography and Network Security (ACNS 2005), Lecture Notes in Computer Science 3531, Springer-Verlag, New York, USA, 56-74, June 7-10, 2005. http://palms.ee.princeton.edu/PALMSopen/mcgregor05traitortracing_springer.pdf

Ruby B. Lee, Peter Kwan, John Patrick McGregor, Jeffrey Dwoskin, Zhenghong Wang. 2005. Architecture for Protecting Critical Secrets in Microprocessors. Proceedings of the 32nd International Symposium on Computer Architecture (ISCA 2005), Madison, Wisconsin, USA, 2-13, June 4-8, 2005. http://palms.ee.princeton.edu/PALMSopen/lee05architecture_w_cit.pdf

Divya Arora, Srivaths Ravi, Anand Raghunathan, Niraj Jha. 2005. Architectural Enhancements for Secure Embedded Processing. Proceedings of the NATO Advanced Research Workshop "Security and Embedded Systems", Patras, Greece, Aug. 2005. http://palms.ee.princeton.edu/PALMSopen/arora05architectural.pdf

John Patrick McGregor, Ruby B. Lee. 2003. Architectural Techniques for Accelerating Subword Permutations with Repetitions. IEEE Transactions on Very Large Scale Integration Systems 11(3), 325-335, June 2003. Keywords: cryptography, encryption, instruction set architecture, permutation, permutation instruction, processor architecture, subword parallelism, subword permutation. http://palms.ee.princeton.edu/PALMSopen/mcgregor03architectural.pdf

Zhijie Shi, Xiao Yang, Ruby B. Lee. 2003. Arbitrary Bit Permutations in One or Two Cycles. Proceedings of the 14th IEEE International Conference on Application-Specific Systems, Architectures and Processors (ASAP 2003), The Hague, The Netherlands, 237-247, June 2003. http://palms.ee.princeton.edu/PALMSopen/shi03arbitrary.pdf

John Patrick McGregor, David Karig, Zhijie Shi, Ruby B. Lee. 2003. A Processor Architecture Defense against Buffer Overflow Attacks. Proceedings of the IEEE International Conference on Information Technology: Research and Education (ITRE 2003), Newark, New Jersey, USA, 243-250, Aug. 2003. Best Student Paper Award. http://palms.ee.princeton.edu/PALMSopen/mcgregor03processor.pdf

Xiao Yang, Ruby Lee. 2003. Adding 3D Graphics Support for PLX. Proceedings of the IEEE International Conference on Information Technology: Research and Education (ITRE 2003), Newark, New Jersey, USA, 40-44, Aug. 2003. http://palms.ee.princeton.edu/PALMSopen/yang03adding.pdf

Nachiketh Potlapally, Srivaths Ravi, Anand Raghunathan, Niraj Jha. 2003. Analyzing the Energy Consumption of Security Protocols. Proceedings of the IEEE International Symposium on Low Power Electronics and Design (ISLPED 2003), Seoul, Korea, 30-35, Aug. 2003. http://palms.ee.princeton.edu/PALMSopen/potlapally03analyzing.pdf

Nachiketh Potlapally, Srivaths Ravi, Anand Raghunathan, Ganesh Lakshminarayana. 2002. Algorithm Exploration for Efficient Public-Key Security Processing on Wireless Handsets. Proceedings of Design Automation and Test in Europe Conference and Exhibition (DATE 2002), Le Palais des Congres, Paris, France, 42-46, March 2002. http://palms.ee.princeton.edu/PALMSopen/potlapally02algorithm.pdf

John Patrick McGregor, Ruby B. Lee. 2001. Architectural Enhancements for Fast Subword Permutations with Repetitions in Cryptographic Applications. Proceedings of the International Conference on Computer Design (ICCD 2001), Austin, Texas, USA, 453-461, Sept. 2001. http://palms.ee.princeton.edu/PALMSopen/mcgregor01architectural.pdf

Nachiketh Potlapally, Anand Raghunathan, Ganesh Lakshminarayana, Michael Hsiao, Srimat Chakradhar. 2001. Accurate Power Macro-modeling Techniques for Complex RTL Circuits. Proceedings of the International Conference on VLSI Design, Bangalore, India, 235-241, Jan. 2001. http://palms.ee.princeton.edu/PALMSopen/potlapally01accurate.pdf

Jakub Szefer, Ruby B. Lee. 2013. BitDeposit: Deterring Attacks and Abuses of Cloud Computing Services Through Economic Measures. In Proceedings of the Workshop on Assured Cloud Computing (ACC), May 2013.

Gian Carlo Cardarilli, Luca Di Nunzio, Rocco Fazzolari, Ruby B. Lee, Marco Re. 2010. Butterfly and inverse Butterfly nets integration on Altera NioS-ii embedded processor. 44th IEEE Asilomar Conference on Signals, Systems and Computers, Pacific Grove, California, USA, November 2010.

Yedidya Hilewitz, Cédric Lauradoux, Ruby B. Lee. 2008. Bit Matrix Multiplication in Commodity Processors. Proceedings of the 19th IEEE International Conference on Application-specific Systems, Architectures and Processors (ASAP '08), July 2008.

Zhijie Shi, Ruby B. Lee. 2000. Bit Permutation Instructions for Accelerating Software Cryptography. Proceedings of the IEEE International Conference on Application-Specific Systems, Architectures and Processors (ASAP 2000), Boston, Massachusetts, USA, 138-148, July 2000. http://palms.ee.princeton.edu/PALMSopen/shi00bit.pdf

Fangfei Liu, Qian Ge, Yuval Yarom, Frank McKeen, Carlos Rozas, Gernot Heiser, Ruby Lee. 2016. CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing. Proceedings of the IEEE Symposium on High Performance Computer Architecture (HPCA'16), Barcelona, Spain, March 2016.

Hao Wu, Fangfei Liu, Ruby B. Lee. 2016. Cloud Server Benchmark Suite for Evaluating New Hardware Architectures. IEEE Computer Architecture Letters, July-Dec 2016.

Abstract: Adding new hardware features to a cloud computing server requires testing both the functionality and the performance of the new hardware mechanisms. However, commonly used cloud computing server workloads are not well-represented by the SPEC integer and floating-point benchmark and Parsec suites typically used by the computer architecture community. Existing cloud benchmark suites for scale-out or scale-up computing are not representative of the most common cloud usage, and are very difficult to run on a cycle-accurate simulator that can accurately model new hardware, like gem5. In this paper, we present PALMScloud, a suite of cloud computing benchmarks for performance evaluation of cloud servers, that is ready to run on the gem5 cycle-accurate simulator. We conduct a behavior characterization and analysis of the benchmarks. We hope that these cloud benchmarks, ready to run on a dual-machine gem5 simulator or on real machines, can be useful to other researchers interested in improving hardware micro-architecture and cloud server performance.

Tianwei Zhang, Yinqian Zhang, Ruby B. Lee. 2016. CloudRadar: A Real-time Side-channel Attack Detection System in Clouds. Research in Attacks, Intrusions and Defenses, September 2016.

Abstract: We present CloudRadar, a system to detect, and hence mitigate, cache-based side-channel attacks in multi-tenant cloud systems. CloudRadar operates by correlating two events: first, it exploits signature-based detection to identify when the protected virtual machine (VM) executes a cryptographic application; at the same time, it uses anomaly-based detection techniques to monitor the co-located VMs to identify abnormal cache behaviors that are typical during cache-based side-channel attacks. We show that correlation in the occurrence of these two events offers strong evidence of side-channel attacks. Compared to other work on side-channel defenses, CloudRadar has the following advantages: first, CloudRadar focuses on the root causes of cache-based side-channel attacks and hence is hard to evade using metamorphic attack code, while maintaining a low false positive rate. Second, CloudRadar is designed as a lightweight patch to existing cloud systems, which does not require new hardware support, or any hypervisor, operating system, or application modifications. Third, CloudRadar provides real-time protection and can detect side-channel attacks within the order of milliseconds. We demonstrate a prototype implementation of CloudRadar in the OpenStack cloud framework. Our evaluation suggests CloudRadar achieves negligible performance overhead with high detection accuracy.

Tianwei Zhang, Ruby B. Lee. 2015. CloudMonatt: an Architecture for Security Health Monitoring and Attestation of Virtual Machines in Cloud Computing. Proceedings of the 42nd International Symposium on Computer Architecture, Portland, 362-274, June 2015.

Fangfei Liu, Hao Wu, Ruby B. Lee. 2015. Can randomized mapping secure instruction caches from side-channel attacks? In Proceedings of the Workshop on Hardware and Architectural Support for Security and Privacy (HASP), Portland, June 13, 2015.

Jakub Szefer, Pramod Jamkhedkar, Diego Perez-Botero, Ruby B. Lee. 2014. Cyber Defenses for Physical Attacks and Insider Threats in Cloud. Proceedings of the ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June 2014.

Diego Perez-Botero, Jakub Szefer, Ruby B. Lee. 2013. Characterizing Hypervisor Vulnerabilities in Cloud Computing Servers. In Proceedings of the Workshop on Security in Cloud Computing (SCC), May 2013.

Nachiketh Potlapally, Ruby B. Lee. 2007. Checking Integrity of Untrusted Data with Few Queries. Princeton University Department of Electrical Engineering Technical Report CE-L2007-008, September 2007.

Zhenghong Wang, Ruby B. Lee. 2006. Covert and Side Channels due to Processor Architecture. Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC'06), 473-482, December 2006. Keywords: side channel attack, covert channel, cache, processor architecture. http://www.acsac.org/2006/papers/127.pdf

Abstract: Information leakage through covert channels and side channels is becoming a serious problem, especially when these are enhanced by modern processor architecture features. We show how processor architecture features such as simultaneous multithreading, control speculation and shared caches can inadvertently accelerate such covert channels or enable new covert channels and side channels. We first illustrate the reality and severity of this problem by describing concrete attacks. We identify two new covert channels. We show orders of magnitude increases in covert channel capacities. We then present two solutions, Selective Partitioning and the novel Random Permutation Cache (RPCache). The RPCache can thwart most cache-based software side channel attacks, with minimal hardware costs and negligible performance impact.

Zhenghong Wang, Ruby B. Lee. 2005. Capacity Estimation of Non-Synchronous Covert Channels. Proceedings of the 2nd International Workshop on Security in Distributed Computing Systems (SDCS 2005), Columbus, OH, USA, 170-176, June 6-9, 2005. http://palms.ee.princeton.edu/PALMSopen/SDCS05_w_cit.pdf

Yedidya Hilewitz, Zhijie Jerry Shi, Ruby B. Lee. 2004. Comparing Fast Implementations of Bit Permutation Instructions. Proceedings of the 38th Annual Asilomar Conference on Signals, Systems, and Computers, Pacific Grove, California, USA, 1856-1863, Nov. 2004. http://palms.ee.princeton.edu/PALMSopen/hilewitz04comparing_with_cit.pdf

Zhen Luo, Ruby B. Lee. 2000. Cost-Effective Multiplication with Enhanced Adders for Multimedia Applications. Proceedings of the IEEE International Symposium on Circuits and Systems (ISCAS 2000), Geneva, Switzerland, vol. 1, 651-654, May 2000. http://palms.ee.princeton.edu/PALMSopen/luo00cost-effective.pdf

Adi Fuchs, Ruby B. Lee. 2015. Disruptive Prefetching: Impact on Side-Channel Attacks and Cache Designs. Proceedings of the 8th ACM International Systems and Storage Conference, Haifa, Israel, May 2015.

Yu-Yuan Chen, Ruby B. Lee. 2011. DataMoat: Architectural Support for Self-Protecting Data. Princeton University Department of Electrical Engineering Technical Report CE-L2011-002, Feb. 10, 2011 (updated June 1, 2011).

Wei Zhang, Jakub M. Szefer, Yu-Yuan Chen, Chiwai Yu, Will X.Y. Li, Ray C.C. Cheung, Ruby B. Lee. 2011. Design of Short Ring Oscillator-Based True Random Number Generator on FPGA Platform. Princeton University Department of Electrical Engineering Technical Report CE-L2011-006, Sept. 20, 2011 (updated Dec. 8, 2011).

David Champagne, Reouven Elbaz, Ruby B. Lee. 2007. Dynamic Integrity Trees for Deployable Memory Authentication. Department of Electrical Engineering Technical Report CE-L2007-013, November 2007.

Cedric Lauradoux, Ruby B. Lee. 2007. Decimation Tools Set. Princeton University Department of Electrical Engineering Technical Report CE-L2007-014, November 2007.

Frances Yao, Yiqun Lisa Yin. 2005. Design and Analysis of Password-Based Key Derivation Functions. IEEE Transactions on Information Theory, vol. 51, no. 9, pp. 3292-3297, Sept. 2005, and Proceedings of the Cryptographers' Track at the RSA Conference (CT-RSA 2005), Lecture Notes in Computer Science 3376, San Francisco, California, USA, 245-261, Feb. 2005. Keywords: cryptography, iterative methods. http://palms.ee.princeton.edu/PALMSopen/yao05design.pdf

Stephen Specht, Ruby B. Lee. 2004. Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures. Proceedings of the ISCA 17th International Conference on Parallel and Distributed Computing Systems (PDCS 2004), International Workshop on Security in Parallel and Distributed Systems, San Francisco, California, USA, 543-550, Sept. 2004. http://palms.ee.princeton.edu/PALMSopen/DDoS%20Final%20PDCS%20Paper.pdf

Jakub Szefer, Eric Keller, Ruby B. Lee, Jennifer Rexford. 2011. Eliminating the Hypervisor Attack Surface for a More Secure Cloud. In Proceedings of the Conference on Computer and Communications Security (CCS), Oct. 17-21, 2011.

Abstract: Cloud computing is quickly becoming the platform of choice for many web services. Virtualization is the key underlying technology enabling cloud providers to host services for a large number of customers. Unfortunately, virtualization software is large, complex, and has a considerable attack surface. As such, it is prone to bugs and vulnerabilities that a malicious virtual machine (VM) can exploit to attack or obstruct other VMs — a major concern for organizations wishing to move "to the cloud." In contrast to previous work on hardening or minimizing the virtualization software, we eliminate the hypervisor attack surface by enabling the guest VMs to run natively on the underlying hardware while maintaining the ability to run multiple VMs concurrently. Our NoHype system embodies four key ideas: (i) pre-allocation of processor cores and memory resources, (ii) use of virtualized I/O devices, (iii) minor modifications to the guest OS to perform all system discovery during bootup, and (iv) avoiding indirection by bringing the guest virtual machine in more direct contact with the underlying hardware. Hence, no hypervisor is needed to allocate resources dynamically, emulate I/O devices, support system discovery after bootup, or map interrupts and other identifiers. NoHype capitalizes on the unique use model in cloud computing, where customers specify resource requirements ahead of time and providers offer a suite of guest OS kernels. Our system supports multiple tenants and capabilities commonly found in hosted cloud infrastructures. Our prototype utilizes Xen 4.0 to prepare the environment for guest VMs, and a slightly modified version of Linux 2.6 for the guest OS. Our evaluation with both SPEC and Apache benchmarks shows a roughly 1% performance gain when running applications on NoHype compared to running them on top of Xen 4.0. Our security analysis shows that, while there are some minor limitations with current commodity hardware, NoHype is a significant advance in the security of cloud computing.

Jakub Szefer, Yu-Yuan Chen, Ray Cheung, Ruby B. Lee. 2010. Evaluation of OpenSPARC FPGA Platform as a Security and Performance Research Platform. Princeton University Department of Electrical Engineering Technical Report CE-L2010-002, Sept. 6, 2010.

Nachiketh Potlapally, Ruby B. Lee.
2007 Efficient Randomness Generation Techniques for Embedded Systems Princeton University Department of Electrical Engineering Technical Report CE-L2007-015 December 2007 3 Arora, Divya Raghunathan, Anand Ravi, Srivaths Jha, Niraj 2005 Enhancing Security through Hardware-assisted Run-time Validation of Program Data Properties Proceedings of ACM/IEEE International Conference on Hardware Software Co-design and System Synthesis (CODES+ISSS 2005) New York, USA 190-195 Sept. 2005 Data tagging, run-time checks, secure architectures http://palms.ee.princeton.edu/PALMSopen/arora05enhancing.pdf 3 Fiskiran, Murat Lee, Ruby B. 2004 Evaluating Instruction Set Extensions for Fast Arithmetic on Binary Finite Fields Proceedings of the International Conference on Application-Specific Systems, Architectures, and Processors (ASAP 2004) Galveston, Texas, USA 125-136 Sept. 2004 http://palms.ee.princeton.edu/PALMSopen/fiskiran04evaluating_with_citation.pdf 3 Yang, Xiao Valia, Shamik Schulte, Michael Lee, Ruby B. 2004 Exploration and Evaluation of PLX Floating-point Instructions and Implementations for 3D Graphics Proceedings of the 38th Annual Asilomar Conference on Signals, Systems, and Computers Pacific Grove, California, USA 1873-1878 Nov. 2004 http://palms.ee.princeton.edu/PALMSopen/asilomar2004-final-with-ref.pdf 3 Lee, Ruby B. Karig, David McGregor, John Patrick Shi, Zhijie 2003 Enlisting Hardware Architecture to Thwart Malicious Code Injection Proceedings of the International Conference on Security in Pervasive Computing (SPC-2003) Boppard, Germany 237-252 March 2003 http://palms.ee.princeton.edu/PALMSopen/lee03enlisting.pdf 0 Lee, Ruby B. Shi, Zhijie Yang, Xiao 2001 Efficient Permutation Instructions for Fast Software Cryptography IEEE Micro 21 6 56-69 Dec. 2001 http://palms.ee.princeton.edu/PALMSopen/lee01efficient.pdf 3 Lee, Ruby B. 
1999 Efficiency of MicroSIMD Architectures and Index-Mapped Data for Media Processors Proceedings of Media Processors 1999 IS&T/SPIE Symposium on Electric Imaging: Science and Technology San Jose, California 34-46 Jan. 1999 http://palms.ee.princeton.edu/PALMSopen/lee99efficiency.pdf 0 Yedidya Hilewitz Ruby B. Lee 2008 Fast Bit Gather, Bit Scatter and Bit Permutation Instructions for Commodity Microprocessors Journal of Signal Processing Systems Springer New York 53 1-2 145-169 11/2008 3 David Champagne Reouven Elbaz Ruby B. Lee 2008 Forward-Secure Content Distribution to Reconfigurable Hardware Proceedings of the Int'l Conference on ReConFigurable Computing and FPGAs (Reconfig'08) December 2008 0 Jeffrey S. Dwoskin Mahadevan Gomathisankaran Ruby B. Lee 2008 Framework for Design Validation of Security Architectures Princeton University Department of Electrical Engineering Technical Report CE-L2008-013 November 2008 http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2008TestingFramework.pdf 31 Hilewitz, Yedidya Lauradoux, Cedric Lee, Ruby B. 2007 Fast Bit Matrix Multiplication in Commodity Microprocessors Princeton University Department of Electrical Engineering Technical Report CE-L2007-011 November 2007 3 Hilewitz, Yedidya Lee, Ruby B. 2006 Fast Bit Compression and Expansion with Parallel Extract and Parallel Deposit Instructions Proceedings of the IEEE 17th International Conference on Application-Specific Systems, Architectures and Processors (ASAP) 65-72 11/09/2006 Current microprocessor instruction set architectures are word oriented, with some subword support. Many important applications, however, can realize substantial performance benefits from bitoriented instructions. We propose the parallel extract (pex) and parallel deposit (pdep) instructions to accelerate compressing and expanding selections of bits. We show that these instructions can be implemented by the fast inverse butterfly and butterfly network circuits. 
We evaluate latency and area costs of alternative functional units for implementing subsets of advanced bit manipulation instructions. We show applications exhibiting significant speedup, 3.41 (Best Paper Award) http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=04019493 3 Fiskiran, Murat Lee, Ruby B. 2005 Fast Parallel Table Lookups to Accelerate Symmetric-Key Cryptography Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC 2005) Las Vegas, Nevada, USA 526-531 Embedded Cryptographic Systems Track April 4-6, 2005 http://palms.ee.princeton.edu/PALMSopen/fiskiran05fast_with_citation.pdf 3 Contini, Scott Yin, Yiqun Lisa 2004 Fast Software-Based Attacks on Secure ID Proceedings of the 11th International Workshop on Fast Software Encryption (FSE 2004) Delhi, India 454-471 Feb. 2004 http://palms.ee.princeton.edu/PALMSopen/contini04fast.pdf 3 Yang, Xiao Lee, Ruby B. 2000 Fast Subword Permutation Instructions Using Omega and Flip Network Stages Proceedings of the International Conference on Computer Design (ICCD 2000) Austin, Texas, USA 15-22 Sept. 2000 http://palms.ee.princeton.edu/PALMSopen/yang00fast-2.pdf 3 Yang, Xiao Vachharajani, Manish Lee, Ruby B. 2000 Fast Subword Permutation Instructions Based on Butterfly Networks Proceedings of Media Processors IS&T/SPIE Symposium on Electric Imaging: Science and Technology San Jose, California 80-86 Jan. 2000 http://palms.ee.princeton.edu/PALMSopen/yang00fast.pdf 3 Jakub Szefer Yu-Yuan Chen Ruby B. Lee 2010 General-purpose FPGA Platform for Efficient Encryption and Hashing in Proceedings of the Application-specific Systems, Architectures and Processors conference, ASAP July 7-9, 2010 Many applications require protection of secret or sensitive information, from sensor nodes and embedded applications to large distributed systems. 
The confidentiality of data can be protected by encryption using symmetric-key ciphers, and the integrity of the data can be ensured by using a cryptographic hash function to calculate a ”digital fingerprint.” In this paper, we propose reconfigurable FPGA hardware components that enable rapid deployment of cryptographic and other algorithms. The novelty of our hardware components is in their general-purpose design which enables easy mappings to allow customizations of data protection for different usage scenarios. Since we utilize only a small part of an FPGA chip, our design can be readily integrated with other processing needs of a mobile device, a sensor node or a System-on-Chip. In addition to being able to implement established algorithms, our analysis shows that the new hash algorithms proposed for the National Institute of Standards and Technology (NIST) competition for Advanced Hash Algorithms (AHS) also map well onto our general-purpose components. Our solution facilitates easy hardware implementation of customizable encryption and hashing solutions, with area and speed performance comparable to custom FPGA implementations targeted at a specific cipher or hash algorithm. Furthermore, the components that we have proposed can be used for many other applications - not just for implementing block ciphers and cryptographic hash functions. 31 Jakub Szefer Ruby B. Lee 2014 Hardware-Enhanced Security for Cloud Secure Cloud Computing Berlin Springer 57-76 http://link.springer.com/chapter/10.1007%2F978-1-4614-9278-8_3 3 Chen, Yu-Yuan Lee, Ruby B. 2009 Hardware-Assisted Application-Level Access Control Information Security Conference Pisa, Italy September 2009 Applications typically rely on the operating system to en- force access control policies such as MAC, DAC, or other policies. How- ever, in the face of a compromised operating system, such protection mechanisms may be ine ective. 
Since security-sensitive applications are most motivated to maintain access control to their secret or sensitive in- formation, and have no control over the operating system, it is desirable to provide mechanisms to enable applications to protect information with application-speci c policies, in spite of a compromised operating system. In this paper, we enable application-level access control and information sharing with direct hardware support and protection, bypassing the de- pendency on the operating system. We analyze an originator-controlled information sharing policy (ORCON), where the content creator speci- es who has access to the le created and maintains this control after the le has been distributed. We show that this policy can be enforced by the software-hardware mechanisms provided by the Secret Protection (SP) architecture, where a Trusted Software Module (TSM) is directly protected by SP's hardware features. We develop a proof-of-concept text editor application which contains such a TSM. This TSM can imple- ment many di erent policies, not just the originator-controlled policy that we have de ned. We also propose a general methodology for trust- partitioning an application into security-critical and non-critical parts. 0 Reouven Elbaz David Champagne Catherine Gebotys Ruby B. Lee Nachiketh Potlapally Lionel Torres 2009 Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines Transactions on Computational Science IV, Lecture Notes in Computer Science (LNCS) 5340 1-22 March 2009 Trusted computing platforms aim to provide trust in computations performed by sensitive applications. Verifying the integrity of memory contents is a crucial security service that these platforms must provide since an adversary able to corrupt the memory space can affect the computations performed by the platform. 
After a description of the active attacks that threaten memory integrity, this paper surveys existing cryptographic techniques – namely integrity trees – allowing for memory authentication. The strategies proposed in the literature for implementing such trees on general-purpose computing platforms are presented, along with their complexity. This paper also discusses the effect of a potentially compromised Operating System (OS) on computing platforms requiring memory authentication and describes an architecture recently proposed to provide this security service despite an untrusted OS. Existing techniques for memory authentication that are not based on trees are described and their performance/security trade-off is discussed. While this paper focuses on memory authentication for uniprocessor platforms, we also discuss the security issues that arise when considering data authentication in symmetric multiprocessor (shared memory) systems. 3 Tian Lan Xiaojun Lin Mung Chiang Ruby B. Lee 2008 How Bad is Suboptimal Rate Allocation? Proceedings of the 27th. Conference on Computer Communications, IEEE (INFOCOM ’08) 951-959 April 13-18 2008 3 Dwoskin, Jeffrey Lee, Ruby B. 2007 Hardware-rooted Trust for Secure Key Management and Transient Trust ACM Conference on Computer and Communications Security (CCS) 2007 Alexandria, VA 389-400 October 2007 <p>We propose minimalist new hardware additions to a microprocessor chip that protect cryptographic keys in portable computing devices which are used in the field but owned by a central authority. Our authority-mode architecture has trust rooted in two critical secrets: a Device Root Key and a Storage Root Hash, initialized in the device by the trusted authority. Our architecture protects trusted software, bound to the device, which can use the root secrets to protect other sensitive information for many different usage scenarios. 
We describe a detailed usage scenario for crisis response, where first responders are given transient access to third-party sensitive information which can be securely accessed during a crisis and reliably revoked after the crisis is over. <p>We leverage the Concealed Execution Mode of our earlier user-mode SP (Secret-Protecting) architecture to protect trusted code and its execution [1]. We call our new architecture authority-mode SP since it shares the same architectural lineage and the goal of minimalist hardware roots of trust. However, we completely change the key management hardware and software to enable new remote trust mechanisms that user-mode SP cannot support. In our new architecture, trust is built on top of the shared root key which binds together the secrets, policy and trusted software on the device. As a result, the authority-mode SP architecture can be used to provide significant new functionality including transient access to secrets with reliable revocation mechanisms, controlled transitive support for policy-controlled secrets belonging to different organizations, and remote attestation and secure communications with the authority. 3 Lee, Ruby B. Shi, Zhijie Yang, Xiao 2002 How a Processor can Permute n bits in O(1) cycles Proceedings of IEEE Hot Chips 14 - A Symposium on High Performance Chips Stanford University, USA Aug. 2002 http://palms.ee.princeton.edu/PALMSopen/lee02how-presentation.pdf 0 Michael Mahon Ruby B. Lee Terrence Miller Jerome Huck William Bryg 1986 Hewlett-Packard Precision Architecture: the Processor HP Journal 37 8 19 08/1986 0 Wei-Han Lee Ruby B. Lee 2016 Implicit Authentication for Smartphone Security Information Systems Security and Privacy Springer 576 160-176 01/2016 Common authentication methods based on passwords, or fingerprints in smartphones, depend on user participation. They do not protect against the threat of an attacker getting hold of the phone after the user has been authenticated. 
Using a victim’s smartphone, the attacker can launch impersonation attacks, which threaten the data that can be accessed from the smartphone and also the security of other users in the network. In this paper, we propose an implicit authentication method using the sensors already built into smartphones. We utilize machine learning algorithms for smartphones to continuously and implicitly authenticate the current user. We compare two typical machine learning methods, SVM and KRR, for authenticating the user. We show that our method achieves high performance (more than 90 % authentication accuracy) and high efficiency. Our method needs less than 10 s to train the model and 20 s to detect an abnormal user. We also show that the combination of more sensors provides better accuracy. Furthermore, our method enables adjusting the security level by changing the sampling rate. 3 Wei-Han Lee Ruby B. Lee 2016 Implicit Sensor-based Authentication of Smartphone Users with Smartwatch Proceedings of the Workshop on Hardware and Architectural Support for Security and Privacy (HASP) June 2016 Smartphones are now frequently used by end-users as the portals to cloud-based services, and smartphones are easily stolen or co-opted by an attacker. Beyond the initial log- in mechanism, it is highly desirable to re-authenticate end- users who are continuing to access security-critical services and data, whether in the cloud or in the smartphone. But attackers who have gained access to a logged-in smartphone have no incentive to re-authenticate, so this must be done in an automatic, non-bypassable way. Hence, this paper proposes a novel authentication system, iAuth, for implicit, continuous authentication of the end-user based on his or her behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We design a system that gives accurate authentication using machine learning and sensor data from multiple mobile devices. 
Our system can achieve 92.1% authentication accuracy with negligible system overhead and less than 2% battery consumption. 31 Ruby B. Lee 2013 Improving Cyber Security Frank Hsu and Dorothy Marinucci Advances in Cyber Security: Technology, Operations and Experiences Fordham University Press 37-59 978-0-8232-4457-7 2 Zhenghong Wang 2012 Information Leakage Due to Cache and Processor Architectures PhD Thesis, Electrical Engineering Department Princeton, NJ Princeton University 135 When users share resources, interference between users often reflects their activities and thus leaks out information of a user to others. Microprocessors, and their associated cache memories, are typically one of the most shared resources in a computer system. Compared with traditional software-based and system-level information leakage channels, the ones in microprocessors are often much faster and more reliable – and hence more dangerous. They can also bypass existing software-based protection and isolation mechanisms, and can nullify any confidentiality or integrity protections provided by strong cryptography. Because of the ubiquitous deployment of microprocessors and the fact that the attacks are effective on essentially all modern processors, such microprocessor-level information leakage exists in almost all computing systems and has become a serious security threat to a wide spectrum of platforms and users. Motivated by the increasing importance of the processor and cache information leakage problem, this dissertation aims to investigate the information leakage problem in microprocessors in a more generalized manner. The goal is to first understand the fundamental, rather than attack-specific, mechanisms that enable information leakage, and then propose countermeasures that attack the root causes and thus are generally effective. 
The dissertation also attempts to develop a theoretical model of information leakage channels, which can help analyze existing channels, identify new channels, evaluate their severity, and avoid such channels in future designs. The dissertation starts with concrete practical issues that are of high importance. It first analyzes the recent cache-based software side-channel attacks, revealing their common root cause, then proposing novel cache designs that can effectively defend against all attacks in this category without compromising performance, power efficiency and cost. The proposed Newcache design can even improve performance over traditional cache architectures. The dissertation also analyzes existing processor architectures, identifies several new covert channels that are much faster than traditional channels, and discusses alternative countermeasures. The dissertation then generalizes the problem of covert channels with abstract modeling and analysis, which clarify the ambiguity in traditional classifications of covert storage versus timing channels, help identify new channels and reveal limitations of existing covert channel identification methods. The dissertation also recognizes that asynchronism is an inherent characteristic of covert channels that should be properly captured in channel capacity estimation. Quantitative results are presented. 3 Chen, Yu-Yuan Wu, Youfeng Hu, Shiliang Lee, Ruby B. 2008 Impact of Dynamic Binary Translators on Security 1st Workshop on Architectural and Microarchitectural Support for Binary Translation Beijing, China 21/06/2008 Dynamic Binary Translators (DBTs) allow programs written for a specific platform to be run on other platforms without the need for recompilation. They allow legacy software to be run on newer hardware architectures, they can perform dynamic optimization of software, and virtualization. 
Other benefits include providing enhanced security by dynamically adding checking code around possible software security vulnerabilities. However, before this is even considered, there are two aspects of DBTs that must first be addressed. First, are software protections provided by the application preserved under the runtime translation and optimizations done by a DBT? Will they be optimized out? We study a range of software protection techniques including Stackshield, Propolice and Stackguard, Libsafe, address space randomization, checksumming, watermarking, system call sandboxing, authenticated system calls, code obsfucation and morphing, anti-debugging, instruction-set randomization, and proof carrying code. Second, how is the DBT itself protected? How is its code cache protected? Without adequate protection, a DBT can be exploited by an attacker to cause disastrous system consequences. We propose three solutions. One solution adds a small set of hardware features to the microprocessor, as defined by the Secret Protection (SP) architecture, to protect the DBT and its code cache. 3 Potlapally, Nachiketh Ravi, Srivaths Raghunathan, Anand Lee, Ruby B. Jha, Niraj 2006 Impact of Configurability and Extensibility on IPSec Protocol Execution on Embedded Processors Proceedings of the 19th International Conference on VLSI Design (VLSID 2006) Hyderabad, India IEEE Computer Society 299-304 January 2006 Configurability, Embedded Processors, Embedded Security, Embedded Systems, Extensibility, IPSec, Performance, Security Protocols http://palms.ee.princeton.edu/PALMSopen/potlapally06impact.pdf 3 Shi, Zhijie Jerry Lee, Ruby B. 2003 Implementation Complexity of Bit Permutation Instructions Proceedings of the 37th Asilomar Conference on Signals, Systems, and Computers, Pacific Grove, California Pacific Grove, California, USA 879-886 Nov. 2003 Nominated for Best Student Paper Award http://palms.ee.princeton.edu/PALMSopen/shi03implementation.pdf 31 Lee, Ruby B. 
2001 Instruction Set Architecture for Multimedia Signal Processing Vojin G. Oklobdzija Book Chapter in Vojin G. Oklobdzija ed., The Computer Engineering Handbook CRC Press, ISBN: 0-8493-0885-2, Invited Chapter 39-1 to 39-38 http://palms.ee.princeton.edu/PALMSopen/Lee_Instruction_Set_Architecture_for_Multimedia_Signal_Processing.pdf 31 D. Xu J. Dwoskin J. Huang T. Lan R. B. Lee and M. Chiang 2010 Key management in wireless ad hoc networks Theoretical Aspects of Distributed Computing in Sensor Networks S. Nikoletseas and J. Rolim Full citation: D. Xu, J. Dwoskin, J. Huang, T. Lan, R. B. Lee, and M. Chiang, “Key management in wireless ad hoc networks”, Theoretical Aspects of Distributed Computing in Sensor Networks, Ed., S. Nikoletseas and J. Rolim, Springer, November 2010. 3 Fangfei Liu Yuval Yarom Qian Ge Gernot Heiser Ruby B. Lee 2015 Last-Level Cache Side-Channel Attacks are Practical Proceedings of IEEE Symposium on Security and Privacy San Jose 605-622 May 2015 0 Tianwei Zhang Ruby B. Lee 2016 Monitoring and Attestation of Virtual Machine Security Health in Cloud Computing IEEE Micro Special Issues on Security 36 5 Sept/Oct 2016 Abstract: Cloud customers need assurances regarding the security of their virtual machines (VMs) operating within an infrastructure-as-a-service cloud system. This is complicated by the customer not knowing where the VM is executing and by the semantic gap between what the customer wants to know versus what can be measured in the cloud. In this article, the authors present an architecture for monitoring a VM's security health. Their architecture can communicate this to the customer in an unforgeable manner. The authors show a concrete implementation of property-based attestation and a full prototype based on the OpenStack open source cloud software. 3 Wei-Han Lee Ruby B. 
Lee 2015 Multi-sensor authentication to improve smartphone security Proceedings of International Conference on Information Systems Security and Privacy February 2015 The widespread use of smartphones gives rise to new security and privacy concerns. Smartphone thefts account for the largest percentage of thefts in recent crime statistics. Using a victim’s smartphone, the attacker can launch impersonation attacks, which threaten the security of the victim and other users in the network. Our threat model includes the attacker taking over the phone after the user has logged on with his password or pin. Our goal is to design a mechanism for smartphones to better authenticate the current user, continuously and implicitly, and raise alerts when necessary. In this paper, we propose a multi-sensors-based system to achieve continuous and implicit authentication for smartphone users. The system continuously learns the owner’s behavior patterns and environment characteristics, and then authenticates the current user without interrupting user-smartphone interactions. Our method can adaptively update a user’s model considering the temporal change of user’s patterns. Experimental results show that our method is efficient, requiring less than 10 seconds to train the model and 20 seconds to detect the abnormal user, while achieving high accuracy (more than 90%). Also the combination of more sensors provide better accuracy. Furthermore, our method enables adjusting the security level by changing the sampling rate. 3 Yuval Yarom Qian Ge Fangfei Liu Ruby B. Lee Gernot Heiser 2015 Mapping the Intel Last-Level Cache IACR Cryptology ePrint Archive, Report 2015/905 3 Christopher C. Lamb Pramod A. Jamkhedkar Gregory L. Heileman Chaouki T.Abdallah 2011 Managed Control of Composite Cloud Systems in Proceedings of International Conference on System of Systems Engineering (SOSE) June 27-30, 2011 3 Mahadevan Gomathisankaran Ruby B. 
Lee 2009 Maya: A Novel Block Encryption Function International Workshop on Coding and Cryptography (WCC 2009) Ullensvang, Norway May 2009 3 Tian Lan Ruby B. Lee Mung Chiang 2009 Multi-path Key Establishment Against REM Attacks in Wireless Ad Hoc Networks IEEE Global Communications Conference (GLOBECOM 2009) Honolulu, Hawaii, USA Nov/Dec 2009 Secure communications in wireless ad hoc networks require setting up end-to-end secret keys for communicating node pairs. Due to physical limitations and scalability requirements, full key-connectivity can not be achieved by key pre-distribution. In this paper, we develop an analytical framework for the on-demand key establishment approach. We propose a novel security metric, called REM resilience vector to quantify the resilience of any key establishment schemes against Revealing, Erasure, and Modification (REM) attacks. Our analysis shows that previous key establishment schemes are vulnerable under REM attacks. Relying on the new security metric, we prove a universal bound on achievable REM resilience vectors for any ondemand key establishment scheme. This bound that characterizes the optimal security performance analytically is shown to be tight, as we propose a REM-resilient key establishment scheme which achieves any vector within this bound. In addition, we develop a class of low complexity key establishment schemes which achieve nearly-optimal REM-attack resilience. Best Paper Award 0 Yu-Yuan Chen Jeffrey S. Dwoskin Mahadevan Gomathisankaran Ruby B. Lee 2009 Making Security Validation as Easy as Performance Evaluation Princeton University Department of Electrical Engineering Technical Report CE-L2009-005 November 2009 31 Tian Lan Ruby B. Lee Mung Chiang 2008 Multi-path Key Establishment under Byzantine Attacks in Wireless Ad Hoc Networks Princeton University Department of Electrical Engineering Technical Report CE-L2008-018 3 Wang, Zhenghong Deng, Jing Lee, Ruby B. 
2007 Mutual Anonymous Communications: A New Covert Channel Based on Splitting Tree MAC IEEE Infocom 2007 2531-2535 May 6-12, 2007 Known covert channel based on splitting algorithms in Medium Access Control (MAC) protocols requires the receiver?s knowledge of the sender?s identity. In this paper we present a new covert channel that does not have this restriction. In such a channel, multiple senders may operate independently without knowing each other, and the receiver can learn the transmitted information without knowing the identity of any covert sender a priori. These properties make the channel robust to malfunctioning senders, and more importantly help protect the secrecy of senders? identity which is essential for covert communications. We also analyze the capacity of our proposed covert channel. 31 Champagne, David Lee, Ruby B. 2007 Memory Integrity for Secure Computing Platforms Princeton University Department of Electrical Engineering Technical Report CE-L2007-003 June 2007 3 Wang, Zhenghong Lee, Ruby B. 2003 Micro-Architecture Issues of Predicated Execution Proceedings of the 37th Asilomar Conference on Signals, Systems, and Computers Pacific Grove, California, USA 349-354 Nov. 2003 http://palms.ee.princeton.edu/PALMSopen/withRef.pdf 31 Lee, Ruby B. Fiskiran, Murat 2001 Multimedia Instructions in Microprocessors for Native Signal Processing Yu Hen Hu Book Chapter in Yu Hen Hu, ed., Programmable Digital Signal Processors: Architecture: Programming, and Applications New York Marcel Dekker, Inc., ISBN: 0-8247-0647-1 91-145 http://palms.ee.princeton.edu/PALMSopen/Lee_Multimedia_Instructions_in_Microprocessors_for_Native_Signal_Processing.pdf 3 Lee, Ruby B. Fiskiran, Murat Bubshait, Abdulla 2001 Multimedia Instructions in IA-64 Proceedings of the IEEE International Conference on Multimedia and Expo (ICME 2001) Tokyo, Japan Aug. 2001 281-284 http://palms.ee.princeton.edu/PALMSopen/lee01multimedia-from-proceedings.pdf 0 Fangfei Liu Hao Wu Kenneth Mai Ruby B. 
Lee (2016). Newcache: Secure Cache Architecture Thwarting Cache Side Channel Attacks. IEEE Micro, Special Issue on Security, vol. 36, no. 5, Sept/Oct 2016.
Newcache is a secure cache that can thwart cache side-channel attacks to prevent the leakage of secret information. All caches today are susceptible to cache side-channel attacks, despite software isolation of memory pages in virtual address spaces or virtual machines. These cache attacks can leak secret encryption keys or private identity keys, nullifying any protection provided by strong cryptography. Newcache uses a novel dynamic, randomized memory-to-cache mapping to thwart contention-based side-channel attacks, rather than the static mapping used by conventional set-associative caches. In this article, the authors present an improved design of Newcache, in terms of security, circuit design and simplicity. They show Newcache's security against a suite of cache side-channel attacks. They evaluate Newcache's system performance for cloud computing, smartphone, and SPEC benchmarks and find that Newcache performs as well as conventional set-associative caches, and sometimes better. They also designed a VLSI test chip with a 32-Kbyte Newcache and a 32-Kbyte, eight-way, set-associative cache and verified that the access latency, power, and area of the two caches are comparable. These results show that Newcache can be used as L1 data and instruction caches to improve security without impacting performance.

Tianwei Zhang, Ruby B. Lee (2014). New Models of Cache Architectures Characterizing Information Leakage from Cache Side Channels. Proceedings of the Annual Computer Security Applications Conference (ACSAC), pp. 96-105, December 2014.

Eric Keller, Jakub Szefer, Jennifer Rexford, Ruby B. Lee (2010). NoHype: Virtualized Cloud Infrastructure without the Virtualization. Proceedings of the International Symposium on Computer Architecture (ISCA), June 19-23, 2010.
Cloud computing is a disruptive trend that is changing the way we use computers.
The key underlying technology in cloud infrastructures is virtualization – so much so that many consider virtualization to be one of the key features rather than simply an implementation detail. Unfortunately, the use of virtualization is the source of a significant security concern. Because multiple virtual machines run on the same server and since the virtualization layer plays a considerable role in the operation of a virtual machine, a malicious party has the opportunity to attack the virtualization layer. A successful attack would give the malicious party control over the all-powerful virtualization layer, potentially compromising the confidentiality and integrity of the software and data of any virtual machine. In this paper we propose removing the virtualization layer, while retaining the key features enabled by virtualization. Our NoHype architecture, named to indicate the removal of the hypervisor, addresses each of the key roles of the virtualization layer: arbitrating access to CPU, memory, and I/O devices, acting as a network device (e.g., Ethernet switch), and managing the starting and stopping of guest virtual machines. Additionally, we show that our NoHype architecture may indeed be "no hype" since nearly all of the needed features to realize the NoHype architecture are currently available as hardware extensions to processors and I/O devices.

Zhenghong Wang, Ruby B. Lee (2007). New Cache Designs for Thwarting Software Cache-based Side Channel Attacks. Proceedings of the 34th International Symposium on Computer Architecture (ISCA 2007), San Diego, CA, pp. 494-505, June 2007.
Software cache-based side channel attacks are a serious new class of threats for computers. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side channel attacks can also undermine general purpose systems. The attacks are easy to perform, effective on most platforms, and do not require special instruments or excessive computation power.
In recently demonstrated attacks on software implementations of ciphers like AES and RSA, the full key can be recovered by an unprivileged user program performing simple timing measurements based on cache misses. We first analyze these attacks, identifying cache interference as the root cause of these attacks. We identify two basic mitigation approaches: the partition-based approach eliminates cache interference whereas the randomization-based approach randomizes cache interference so that zero information can be inferred. We present new security-aware cache designs, the Partition-Locked cache (PLcache) and Random Permutation cache (RPcache), analyze and prove their security, and evaluate their performance. Our results show that our new cache designs with built-in security can defend against cache-based side channel attacks in general, rather than only specific attacks on a given cryptographic algorithm, with very little performance degradation and hardware cost.

Zhenghong Wang, Ruby B. Lee (2005). New Constructive Approach to Covert Channel Modeling and Channel Capacity Estimation. Proceedings of the 8th Information Security Conference (ISC 2005), Singapore, pp. 498-505, September 2005. http://palms.ee.princeton.edu/PALMSopen/ISC05_w_cit.pdf

Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffrey S. Dwoskin, Dan R. K. Ports (2008). Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems. Proceedings of the Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2008. http://www.vmware.com/files/pdf/partners/academic/overshadow.pdf

Murat Fiskiran, Ruby B. Lee
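The contention-based attack that Newcache's dynamic mapping and the RPcache design above randomize away can be seen in a toy model. The following Python is an added example, not code from either paper: it models a prime-and-probe attacker on a tiny direct-mapped cache, first with a conventional static set index mapping, then with an independent permutation table per process, one draw of which is hard-coded below. The cache geometry, the process names and the permutation tables are assumptions chosen for the illustration; the real designs also differ in details (RPcache re-randomizes on interference, Newcache remaps per line) that this model leaves out.

```python
"""Toy prime+probe model: static set indexing versus a per-process randomized
memory-to-cache mapping. Added illustration; not code from the Newcache,
PLcache or RPcache papers. Cache geometry and tables are assumptions."""

import random
from typing import Callable, Dict, List, Optional, Tuple

NUM_SETS = 8  # assumption: tiny direct-mapped cache, one line per set

# (process name, address set index) -> physical cache set
Mapping = Callable[[str, int], int]


class ToyCache:
    """Direct-mapped cache; each line records (owner process, address index)."""

    def __init__(self, num_sets: int = NUM_SETS) -> None:
        self.lines: List[Optional[Tuple[str, int]]] = [None] * num_sets

    def access(self, owner: str, index: int, mapping: Mapping) -> bool:
        """Access the line with address set index `index`; return True on a hit."""
        phys = mapping(owner, index)
        hit = self.lines[phys] == (owner, index)
        self.lines[phys] = (owner, index)  # fill on miss, no change on hit
        return hit


def static_mapping(owner: str, index: int) -> int:
    """Conventional set-associative indexing: identical for every process."""
    return index % NUM_SETS


def permuted_mapping(tables: Dict[str, List[int]]) -> Mapping:
    """Each process indexes the cache through its own permutation table."""
    return lambda owner, index: tables[owner][index % NUM_SETS]


def prime_probe(mapping: Mapping, victim_index: int) -> List[int]:
    """Attacker fills every set, victim touches one line, attacker re-touches
    its lines. Returns the attacker-side indices that missed on the probe."""
    cache = ToyCache()
    for i in range(NUM_SETS):                       # prime
        cache.access("attacker", i, mapping)
    cache.access("victim", victim_index, mapping)   # secret-dependent access
    return [i for i in range(NUM_SETS)              # probe
            if not cache.access("attacker", i, mapping)]


def inferred_index(mapping: Mapping, victim_index: int) -> int:
    """The set index the attacker concludes the victim used."""
    misses = prime_probe(mapping, victim_index)
    assert len(misses) == 1  # a permutation moves exactly one line
    return misses[0]


def random_tables(rng: random.Random) -> Dict[str, List[int]]:
    """A fresh, independent permutation for each process."""
    return {p: rng.sample(range(NUM_SETS), NUM_SETS) for p in ("attacker", "victim")}


def inferred_indices(victim_index: int, trials: int, seed: int = 1) -> List[int]:
    """Repeat the attack, re-drawing the mapping tables before each trial."""
    rng = random.Random(seed)
    return [inferred_index(permuted_mapping(random_tables(rng)), victim_index)
            for _ in range(trials)]


# One assumed draw of the randomized mapping, fixed so the run is reproducible.
EXAMPLE_TABLES = {
    "attacker": [3, 0, 6, 1, 7, 2, 5, 4],
    "victim":   [5, 2, 7, 0, 4, 6, 1, 3],
}

if __name__ == "__main__":
    print("static mapping  :", inferred_index(static_mapping, 5))                  # 5, leaked
    print("permuted mapping:", inferred_index(permuted_mapping(EXAMPLE_TABLES), 5))  # 2, unrelated
    print("re-drawn tables :", sorted(set(inferred_indices(5, 200))))
```

With the static mapping the single probe miss lands on exactly the victim's index, which is the leak that recovers AES table indices. With independent tables the miss lands on the attacker's index whose physical set happens to coincide with the victim's, and across re-drawn tables that index spreads over all sets, so the observation carries no information about the victim's address.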
(2005). On-Chip Lookup Tables for Fast Symmetric-Key Encryption. Proceedings of the IEEE 16th International Conference on Application-Specific Systems, Architectures and Processors (ASAP 2005), Samos, Greece, pp. 356-363, July 23-25, 2005. Keywords: combinational circuits, cryptography, reduced instruction set computing, table lookup. http://palms.ee.princeton.edu/PALMSopen/fiskiran05on-chip_cit.pdf

Ruby B. Lee, R. L. Rivest, M. J. B. Robshaw, Z. J. Shi, Y. L. Yin (2004). On Permutation Operations in Cipher Design. Proceedings of the International Conference on Information Technology (ITCC 2004), Las Vegas, Nevada, USA, pp. 569-577, April 5-7, 2004. http://palms.ee.princeton.edu/PALMSopen/lee04permutation.pdf

Nachiketh Potlapally, Srivaths Ravi, Anand Raghunathan, Ganesh Lakshminarayana (2002). Optimizing Public-Key Encryption for Wireless Clients. Proceedings of the IEEE International Conference on Communications (ICC 2002), New York City, USA, pp. 1050-1056, 28 April 2002. http://palms.ee.princeton.edu/PALMSopen/potlapally02optimizing.pdf

Hao Wu (2015). Performance Measurement and Security Testing of a Secure Cache Design. MSE Thesis, Electrical Engineering Department, Princeton University, Princeton, NJ.

Diego Perez-Botero (2013). Pwnetizer: Improving Availability in Cloud Computing Through Fast Cloning and I/O Randomization. MSE Thesis, Computer Science Department, Princeton University, Princeton, NJ.

Jakub Szefer, Pramod Jamkhedkar, Yu-Yuan Chen, Ruby B. Lee (2012). Physical Attack Protection with Human-Secure Virtualization in Data Centers. Workshop on Open Resilient human-aware Cyber-physical Systems (WORCS), June 25, 2012.

Ruby B. Lee, Yu-Yuan Chen (2010). Processor Accelerator for AES. Proceedings of the 2010 IEEE 8th Symposium on Application Specific Processors, Anaheim, CA, USA, pp. 71-76, June 13-14, 2010.
Software AES cipher performance is not fast enough for encryption to be incorporated ubiquitously for all computing needs.
Furthermore, fast software implementations of AES that use table lookups are susceptible to software cache-based side channel attacks, leaking the secret encryption key. To bridge the gap between software and hardware AES implementations, several Instruction Set Architecture (ISA) extensions have been proposed to provide speedup for software AES programs, most notably the recent introduction of six AES-specific instructions for Intel microprocessors. However, algorithm-specific instructions are less desirable than general-purpose ones for microprocessors. In this paper, we propose an enhanced parallel table lookup instruction that can achieve the fastest reported software AES encryption and decryption of 1.38 cycles/byte for general-purpose microprocessors, a 1.45X speedup from the fastest prior work reported. Also, security is improved where cache-based side-channel attacks are thwarted, since all table lookups take the same amount of time. Furthermore, the new instructions can also be used to accelerate any functions that can be accelerated through table lookup operations of one or multiple small tables.

David Champagne, Ruby B. Lee (2010). Processor-based Tailored Attestation. Princeton University Department of Electrical Engineering Technical Report CE-L2010-005, Nov 15, 2010.

Ruby B. Lee, Murat Fiskiran, Michael Wang, Yedidya Hilewitz, Yu-Yuan Chen (2007). PAX: A Cryptographic Processor with Parallel Table Lookup and Wordsize Scalability. Princeton University Department of Electrical Engineering Technical Report CE-L2007-010, November 2007.

Yedidya Hilewitz, Ruby B. Lee (2007). Performing Advanced Bit Manipulations Efficiently in General-Purpose Processors. Proceedings of the 18th IEEE Symposium on Computer Arithmetic (ARITH-18), Montpellier, France, pp. 251-260, June 2007. Keywords: shifter, rotations, permutations, bit manipulations, arithmetic, processor.
This paper describes a new basis for the implementation of a shifter functional unit.
We present a design based on the inverse butterfly and butterfly datapath circuits that performs the standard shift and rotate operations, as well as more advanced extract, deposit and mix operations found in some processors. Additionally, it also supports important new classes of even more advanced bit manipulation instructions recently proposed: these include arbitrary bit permutations, bit scatter and bit gather instructions. The new functional unit's datapath is comparable in latency to that of the classic barrel shifter. It replaces two existing functional units, shifter and mix, with a much more powerful one.

John Patrick McGregor, Ruby B. Lee (2005). Protecting Cryptographic Keys and Computations via Virtual Secure Coprocessing. Computer Architecture News, vol. 33, no. 1, pp. 16-26, March 2005, and Proceedings of the Workshop on Architectural Support for Security and Antivirus (WASSA 2004), Boston, Massachusetts, USA, Oct. 9-13, 2004. http://palms.ee.princeton.edu/PALMSopen/mcgregor04protecting.pdf

Ruby B. Lee, Murat Fiskiran (2005). PLX: An Instruction Set Architecture and Testbed for Multimedia Information Processing. Journal of VLSI Signal Processing, vol. 40, no. 1, pp. 85-108. Keywords: multimedia, instruction set architecture, ISA, processor architecture, media processing. http://palms.ee.princeton.edu/PALMSopen/lee05plx.pdf

Murat Fiskiran, Ruby B. Lee (2004). Performance Scaling of Cryptography Operations in Servers and Mobile Clients. Proceedings of the Workshop on Building Block Engine Architectures for Computer Networks (BEACON 2004), Boston, Massachusetts, USA, Oct. 2004. Keywords: network security, algorithms, cryptography, public key. http://palms.ee.princeton.edu/PALMSopen/fiskiran04performance_with_citation.pdf

Xiao Yang, Ruby B. Lee
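The butterfly and inverse butterfly datapaths in the Hilewitz and Lee abstract are log2(n) stages, each pairing bit i with bit i + d for d = n/2, n/4, ..., 1 (or the reverse order), with one control bit per pair deciding whether the pair swaps; bit gather and bit scatter are the pext/pdep operations. The Python below is an added software model of those stages and operations, not the authors' hardware design or their control-bit derivation; the delta-swap formulation is the standard software idiom, and the 8- and 16-bit word sizes are assumptions for the illustration. Routing an arbitrary permutation (choosing the control bits) is not shown; full bit reversal, which needs every pair to swap at every stage, is used as the worked case.

```python
"""Software model of butterfly / inverse-butterfly permutation stages and of
bit gather (pext) / bit scatter (pdep). Added illustration, not the hardware
design of the cited paper; word sizes below are assumptions."""

from typing import List


def delta_swap(x: int, ctrl: int, d: int) -> int:
    """For every bit i set in `ctrl`, swap bit i of x with bit i + d.
    `ctrl` marks the lower member of each pair and must not overlap ctrl << d."""
    t = ((x >> d) ^ x) & ctrl
    return x ^ t ^ (t << d)


def stage_mask(n: int, d: int) -> int:
    """Lower positions of all (i, i+d) pairs when an n-bit word is split into 2d-bit blocks."""
    return sum(1 << i for i in range(n) if (i % (2 * d)) < d)


def butterfly(x: int, controls: List[int], n: int) -> int:
    """Butterfly network: stages with distance n/2, n/4, ..., 1.
    controls[k] selects which of stage k's pairs swap (bits outside the stage are ignored)."""
    d = n // 2
    for ctrl in controls:
        x = delta_swap(x, ctrl & stage_mask(n, d), d)
        d //= 2
    return x & ((1 << n) - 1)


def inverse_butterfly(x: int, controls: List[int], n: int) -> int:
    """Inverse butterfly network: the same stages in the opposite order, 1, 2, ..., n/2."""
    d = 1
    for ctrl in controls:
        x = delta_swap(x, ctrl & stage_mask(n, d), d)
        d *= 2
    return x & ((1 << n) - 1)


def bit_reverse(x: int, n: int) -> int:
    """Full bit reversal of an n-bit word: swap every pair at every butterfly stage."""
    controls, d = [], n // 2
    while d:
        controls.append(stage_mask(n, d))
        d //= 2
    return butterfly(x, controls, n)


def bit_gather(x: int, mask: int) -> int:
    """pext: collect the bits of x selected by mask into the low-order bits, in order."""
    out, k = 0, 0
    for i in range(mask.bit_length()):
        if (mask >> i) & 1:
            out |= ((x >> i) & 1) << k
            k += 1
    return out


def bit_scatter(x: int, mask: int) -> int:
    """pdep: spread the low-order bits of x into the positions selected by mask."""
    out, k = 0, 0
    for i in range(mask.bit_length()):
        if (mask >> i) & 1:
            out |= ((x >> k) & 1) << i
            k += 1
    return out


if __name__ == "__main__":
    x = 0b10110001
    print(f"reverse   {x:08b} -> {bit_reverse(x, 8):08b}")
    # Same reversal on the inverse butterfly: all-swap stages commute (index XOR n-1).
    print(f"inv. bfly {x:08b} -> {inverse_butterfly(x, [0x55, 0x33, 0x0F], 8):08b}")
    print(f"gather even bits of {x:08b}: {bit_gather(x, 0x55):04b}")
    print(f"scatter back: {bit_scatter(bit_gather(x, 0x55), 0x55):08b}")
```

Each stage is an involution, so running the same control masks through the network twice restores the input; a hardware unit exploits this by using one butterfly and one inverse butterfly back to back to route any permutation, which is the part the paper's control-bit generation supplies and this model leaves out.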
(2004). PLX FP: An Efficient Floating-Point Instruction Set for 3D Graphics. Proceedings of the IEEE International Conference on Multimedia and Expo (ICME 2004), Taipei, Taiwan, pp. 137-140, June 2004. http://palms.ee.princeton.edu/PALMSopen/yang04plx.pdf

Murat Fiskiran, Ruby B. Lee (2004). PAX: A Datapath-Scalable Minimalist Cryptographic Processor for Mobile Devices. Book chapter in Nadia Nedjah and Luiza de Macedo Mourelle, eds., Embedded Cryptographic Hardware: Design and Security, New York: Nova Science Publishers, ISBN 1-59454-145-0, Chapter 2, pp. 19-34. https://www.novapublishers.com/catalog/product_info.php?products_id=270

R. B. Lee, R. L. Rivest, M. J. B. Robshaw, Z. J. Shi, Y. L. Yin (2004). Permutation Operations in Block Ciphers. Book chapter in Nadia Nedjah and Luiza de Macedo Mourelle, eds., Embedded Cryptographic Hardware: Design and Security, New York: Nova Science Publishers, ISBN 1-59454-145-0, Chapter 13, pp. 219-236. http://books.google.com/books?id=1Npt_Gj7nJIC&pg=PA19&lpg=PA19&dq=PAX:+A+Datapath-Scalable+Minimalist+Cryptographic+Processor+for&source=bl&ots=At_exM0b76&sig=Kkvh1BvA3mfnbwpU4_kuEgAqjR0&hl=en&sa=X&oi=book_result&resnum=1&ct=result#PPR9,M1 http://palms.ee.princeton.edu/PALMSopen/lee04permutation_book.pdf

Ruby B. Lee, Murat Fiskiran (2002). PLX: A Fully Subword-Parallel Instruction Set Architecture for Fast Scalable Multimedia Processing. Proceedings of the 2002 IEEE International Conference on Multimedia and Expo (ICME 2002), Lausanne, Switzerland, pp. 117-120, Aug. 2002. http://palms.ee.princeton.edu/PALMSopen/lee02plx-from-proceedings.pdf

Murat Fiskiran, Ruby B. Lee (2001). Performance Impact of Addressing Modes on Encryption Algorithms. Proceedings of the International Conference on Computer Design (ICCD 2001), Austin, Texas, USA, pp. 542-545, Sept. 2001. http://palms.ee.princeton.edu/PALMSopen/fiskiran01performance-from-proceedings.pdf

John Patrick McGregor, Ruby B. Lee
(2000). Performance Impact of Data Compression on Virtual Private Network Transactions. Proceedings of the 25th IEEE Conference on Local Computer Networks (LCN 2000), Tampa, Florida, USA, pp. 500-510, Nov. 2000. http://palms.ee.princeton.edu/PALMSopen/mcgregor00performance.pdf

Ruby B. Lee (1989). Precision Architecture. IEEE Computer, vol. 22, no. 1, 14, January 1989.

Wei-Han Lee, Changchang Liu, Shouling Ji, Prateek Mittal, Ruby Lee (2017). Quantification of De-anonymization Risks in Social Networks. Information Systems Security and Privacy, Porto, 19 February 2017. Keywords: structure-based de-anonymization attacks, anonymization utility, de-anonymization capability, theoretical bounds.
The risks of publishing privacy-sensitive data have received considerable attention recently. Several de-anonymization attacks have been proposed to re-identify individuals even if data anonymization techniques were applied. However, there is no theoretical quantification for relating the data utility that is preserved by the anonymization techniques and the data vulnerability against de-anonymization attacks. In this paper, we theoretically analyze the de-anonymization attacks and provide conditions on the utility of the anonymized data (denoted by anonymized utility) to achieve successful de-anonymization. To the best of our knowledge, this is the first work on quantifying the relationships between anonymized utility and de-anonymization capability. Unlike previous work, our quantification analysis requires no assumptions about the graph model, thus providing a general theoretical guide for developing practical de-anonymization/anonymization techniques. Furthermore, we evaluate state-of-the-art de-anonymization attacks on a real-world Facebook dataset to show the limitations of previous work.
By comparing these experimental results and the theoretically achievable de-anonymization capability derived in our analysis, we further demonstrate the ineffectiveness of previous de-anonymization attacks and the potential of more powerful de-anonymization attacks in the future.

Fangfei Liu, Ruby B. Lee (2014). Random Fill Cache Architecture. Proceedings of the 47th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO-47), Cambridge, pp. 203-215, December 2014.

Jakub Szefer, Wei Zhang, Yu-Yuan Chen, David Champagne, King Chan, Will Li, Ray Cheung, Ruby B. Lee (2011). Rapid Single-Chip Secure Processor Prototyping on OpenSPARC FPGA Platform. Proceedings of the Rapid System Prototyping Symposium (RSP), May 24-27, 2011.
Secure processors have become increasingly important for trustworthy computing as security breaches escalate. By providing hardware-level protection, a secure processor ensures a safe computing environment where confidential data and applications can be protected against both hardware and software attacks. In this paper, we present a single-chip secure processor model and demonstrate rapid prototyping of the secure processor on the OpenSPARC FPGA platform. OpenSPARC T1 is an industry-grade, open-source, FPGA-synthesizable general-purpose microprocessor originally developed by Sun Microsystems, now acquired by Oracle. It is a multi-core, multi-threaded 64-bit processor with open-source hardware, including the microprocessor core, as well as system software that can be freely modified by researchers. We modify the OpenSPARC T1 processor by adding security modules: an AES engine, a TRNG and a memory integrity tree. These enhancements enable security features like memory encryption and memory integrity verification. By prototyping this single-chip secure processor on the FPGA platform, we find that the OpenSPARC T1 FPGA platform has many advantages for secure processor research.
Our prototyping demonstrates that additional modules can be added quickly and easily and that they add little resource overhead to the base OpenSPARC processor.

Yu-Yuan Chen, Pramod Jamkhedkar, Ruby B. Lee (2011). Running Untrusted Applications on Sensitive Data. Princeton University Department of Electrical Engineering Technical Report CE-L2011-007, Nov. 16, 2011.

Tian Lan, Ruby B. Lee, Mung Chiang (2008). Reliable and Secure Distributed Storage of Critical Information. Princeton University Department of Electrical Engineering Technical Report CE-L2008-017.

Dahai Xu, Jianwei Huang, Jeffrey Dwoskin, Mung Chiang, Ruby B. Lee (2007). Re-examining Probabilistic Versus Deterministic Key Management. Proceedings of the 2007 IEEE International Symposium on Information Theory (ISIT), Nice, France, pp. 2586-2590, June 2007.
It is widely believed that although being more complex, a probabilistic key predistribution scheme is much more resilient against node capture than a deterministic one in lightweight wireless ad hoc networks. Backed up by the surprisingly large successful attack probabilities computed in this paper, we show that the probabilistic approaches have only limited performance advantages over deterministic approaches. We first consider a static network scenario as originally considered in the seminal paper by Eschenauer and Gligor [1], where any node capture happens after the establishment of all pairwise links, and show that the deterministic approach can achieve a performance as good as the probabilistic one. Furthermore, in a mobile network, the probabilistic key management as described in [1] can lead to a successful attack probability one order of magnitude larger than the one in a static network.

Ruby B. Lee, Michael Wang (2007). Resolving Encoding Issues in Combining PAX and PLX Instruction Sets. Princeton University Department of Electrical Engineering Technical Report CE-L2007-007, August 2007.

Murat Fiskiran, Ruby B. Lee
(2004). Runtime Execution Monitoring (REM) to Detect and Prevent Malicious Code Execution. Proceedings of the International Conference on Computer Design (ICCD 2004), San Jose, California, USA, pp. 452-457, Oct. 11-13, 2004. http://palms.ee.princeton.edu/PALMSopen/fiskiran04runtime.pdf

Ruby B. Lee, Murat Fiskiran, Zhijie Shi, Xiao Yang (2002). Refining Instruction Set Architecture for High-Performance Multimedia Processing in Constrained Environments. Proceedings of the 13th IEEE International Conference on Application-Specific Systems, Architectures and Processors (ASAP 2002), San Jose, California, pp. 253-264, July 2002. http://palms.ee.princeton.edu/PALMSopen/lee02refining-from-proceedings.pdf

Fangfei Liu, Ruby B. Lee (2013). Security Testing of a Secure Cache Design. Proceedings of the Workshop on Hardware and Architectural Support for Security and Privacy (HASP), June 24, 2013.

Tianwei Zhang, Si Chen, Fangfei Liu, Ruby B. Lee (2013). Side Channel Vulnerability Metrics: the Promise and the Pitfalls. Proceedings of the Workshop on Hardware and Architectural Support for Security and Privacy (HASP), June 24, 2013.

Tianwei Zhang, Jakub Szefer, Ruby B. Lee (2012). Security Verification of Hardware-enabled Attestation Protocols. Proceedings of the Workshop on Hardware and Architectural Support for Security and Privacy (HASP), December 2012.

Mark D. Heileman, Mike Gilger, Gregory L. Heileman, Pramod A. Jamkhedkar, Matthew P. Shaver (2011). SMASHUP: Secure Mashup for Defense Transformation and Net-Centric Systems. Proceedings of Defense Transformation and Net-Centric Systems, April 27, 2011.

Tian Lan, Xiaojun Lin, Mung Chiang, Ruby B. Lee (2011). Stability and Benefits of Suboptimal Utility Maximization. IEEE/ACM Transactions on Networking, vol. 19, no. 4.
Network utility maximization has been widely used to model resource allocation and network architectures. However, in practice, often it cannot be solved optimally due to complexity reasons.
Thus motivated, we address the following two questions in this paper: 1) Can suboptimal utility maximization maintain queue stability? 2) Can under-optimization of the utility objective function in fact benefit other network design objectives? We quantify the following intuition: a resource allocation that is suboptimal with respect to a utility maximization formulation maintains maximum flow-level stability when the utility gap is sufficiently small and information delay is bounded, and it can still provide a guaranteed size of stability region otherwise. Utility-suboptimal rate allocation can also enhance other network performance metrics, e.g., it may reduce link saturation. These results provide theoretical support for turning attention from optimal but complex solutions of network optimization to those that are simple even though suboptimal.

David Champagne, Ruby B. Lee (2010). Scalable Architectural Support for Trusted Software. The 16th IEEE International Symposium on High-Performance Computer Architecture (HPCA), Bangalore, India, Jan 9-14, 2010.
We present Bastion, a new hardware-software architecture for protecting security-critical software modules in an untrusted software stack. Our architecture is composed of enhanced microprocessor hardware and enhanced hypervisor software. Each trusted software module is provided with a secure, fine-grained memory compartment and its own secure persistent storage area. Bastion is the first architecture to provide direct hardware protection of the hypervisor from both software and physical attacks, before employing the hypervisor to provide the same protection to security-critical OS and application modules. Our implementation demonstrates the feasibility of bypassing an untrusted commodity OS to provide application security and shows better security with higher performance when compared to the Trusted Platform Module (TPM), the current industry state-of-the-art security chip.
We provide a proof-of-concept implementation on the OpenSPARC platform. Nominated for Best Paper Award.

David Champagne (2010). Scalable Security Architecture for Trusted Software. PhD Thesis, Electrical Engineering Department, Princeton University, Princeton, NJ (231 pp.).
Security-critical tasks executing on general-purpose computers require protection against software and hardware attacks to achieve their security objectives. Security services providing this protection can be offered by mechanisms rooted in processor hardware, since its storage and computing elements are typically outside the reach of attackers. This thesis presents the Bastion architecture, a hardware-software security architecture for providing protection scalable to a large number of security-critical tasks. Protection is enabled by three sets of new mechanisms: for protecting a trusted hypervisor, for fine-grained protection of modules in application or operating system space, and for securing the input and output of Bastion-protected software modules. This thesis also presents an implementation and evaluation of Bastion, and explores alternatives for one of its core security functions: memory authentication. The hypervisor, a layer of software dedicated to the virtualization of machine resources, is increasingly being involved in security solutions. We use it in Bastion as a manager of security-critical tasks. While past solutions protect the hypervisor from runtime software attacks, Bastion also protects the hypervisor from physical attacks, protects it from offline attacks, and provides it with a secure launch mechanism. Within this protected Bastion hypervisor, we design a second set of mechanisms that provide separate execution compartments for each security-critical task running in the virtual machines hosted by the hypervisor. These compartments are protected against both hardware attacks and software attacks originating from a potentially compromised operating system.
To enable security-critical tasks to communicate with the outside world, we provide a third set of mechanisms for secure input and output to and from Bastion-protected compartments. We implement and evaluate a Bastion prototype by modifying the source code of the OpenSPARC processor and hypervisor systems. Additionally, we survey the design space of alternatives to the Bastion memory authentication mechanism, which is central to protecting critical software execution in Bastion. These contributions can improve security in the digital world by informing the design of the next generation of general-purpose computing platforms.

Jeffrey S. Dwoskin (2010). Securing the Use of Sensitive Data on Remote Devices Using a Hardware-Software Architecture. PhD Thesis, Electrical Engineering Department, Princeton University, Princeton, NJ (294 pp.).
Many corporations, private organizations, and government agencies maintain sensitive data that must be accessed remotely by their employees using portable devices. The organizations have a responsibility to secure the data to ensure that it does not get used inappropriately or get disseminated beyond these trusted users. We have designed a computer architecture for these devices, combining new hardware and software, that allows trust to be placed in the devices even when they are not under the organization's physical control. We have designed, implemented, and tested the Authority-mode Secret-Protection Architecture, which places roots of trust in hardware in the processor chip. It provides new hardware mechanisms based on these roots of trust to protect the execution of trusted software and to provide that software with master secrets. The software uses the master secrets to secure the sensitive data and to communicate securely over the network. The user interacts with this software, which enforces security policies while giving access to data.
The organization designates a central authority that will manage the software on the devices, set security policies, communicate with the devices, and control access to data. Our new hardware mechanisms bind together the device's on-chip roots of trust with the authority's data and trusted software, such that the authority can be assured that the security policies will always be enforced. To show how our design can be adapted to other platforms, we provide a modified architecture for embedded devices. We additionally demonstrate how the full architecture can be integrated with trustworthy system software in a mandatory access control system. Finally, we have built a testing framework that can help designers validate new security architectures like ours. The framework allows new architectures to be modeled in a virtualization environment, where a separate testing system has complete controllability and observability over hardware and software. It is used to test the effects of various security attacks and to assist in the development of trusted software for the new architecture. We use the framework to test the prototype hardware and software of our architecture.
https://docs.google.com/viewer?url=http%3A%2F%2Fpalms.ee.princeton.edu%2FPALMSopen%2Fdissertations%2FDwoskinThesis-20100429-v2.0-doublespace.pdf

Timothy Levin, Jeffrey Dwoskin, Ganesha Bhaskara, Thuy Nguyen, Paul Clark, Ruby B. Lee, Cynthia Irvine, Terry Benzel (2009). Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture. 2nd International Conference on Trusted Computing (TRUST 2009), Oxford, U.K., pp. 133-156, April 2009.
During many crises, access to sensitive emergency-support information is required to save lives and property. For example, for effective evacuations first responders need the names and addresses of non-ambulatory residents.
Yet, currently, access to such information may not be possible because government policy makers and third-party data providers lack confidence that today's IT systems will protect their data. Our approach to the management of emergency information provides first responders with temporary, transient access to sensitive information, and ensures that the information is revoked after the emergency. The following contributions are presented: a systematic analysis of the basic forms of trusted communication supported by the architecture; a comprehensive method for secure, distributed emergency state management; a method to allow a userspace application to securely display data; a multifaceted system analysis of the confinement of emergency information and the secure and complete revocation of access to that information at the closure of an emergency.

Jeffrey S. Dwoskin, Mahadevan Gomathisankaran, David Champagne, Ruby B. Lee (2009). SP Reference Manual Addendum: Secure Stacks for TSMs and Emulation of SP Interrupt Protection. Princeton University Department of Electrical Engineering Technical Report CE-L2009-006, August 2009. http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2009SecureStacks.pdf

Tian Lan, Xiaojun Lin, Mung Chiang, Ruby B. Lee (2008). Stability and Benefits of Suboptimal Utility Maximization. Submitted to IEEE Transactions on Networking, Nov. 4.

Jeffrey S. Dwoskin, Ganesha Bhaskara, Thuy D. Nguyen, Ruby B. Lee (2008). SecureCore Prototype/Demo Manual. Princeton University Department of Electrical Engineering Technical Report CE-L2008-009, August 2008, updated August 25, 2009. http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2009SecureCoreDemo1.1v1.pdf

Jeffrey S. Dwoskin, Ruby B. Lee (2008). SP Processor Architecture Reference Manual. Princeton University Department of Electrical Engineering Technical Report CE-L2008-008, August 2008. http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2008SP_Reference1.0.pdf

Yu-Yuan Chen, Ruby B.
Lee (2008). SP-PAX: Hardware Implementation of SP Module with PAX Cryptoprocessor. Princeton University Department of Electrical Engineering Technical Report CE-L2008-006, April 2008. http://palms.princeton.edu/system/files/SP-PAX_1.8.pdf

Jeffrey Dwoskin, Dahai Xu, Jianwei Huang, Mung Chiang, Ruby B. Lee (2007). Secure Key Management Architecture Against Sensor-node Fabrication Attacks. IEEE GlobeCom 2007, Washington, DC, November 2007.
In lightweight mobile ad hoc networks, both probabilistic and deterministic key management schemes are fragile to node fabrication attacks. Our simulation results show that the Successful Attack Probability (SAP) can be as high as 42.6% with the fabrication of only 6 copies from captured nodes comprising only 3% of all nodes. In this paper, we propose two low-cost secure-architecture-based techniques to improve the security against such node fabrication attacks. Our new architectures, specifically targeted at the sensor-node platform, protect long-term keys using a root of trust embedded in the hardware System-on-a-Chip (SoC). This prevents an adversary from extracting these protected long-term keys from a captured node to fabricate new nodes. The extensive simulation results show that the proposed architecture can significantly decrease the SAP and increase the security level of key management for mobile ad hoc networks.

Jeff Dwoskin, Ruby B. Lee (2007). SP Processor Architecture Reference Manual. Princeton University Department of Electrical Engineering Technical Report CE-L2007-009, Version 0.7, 11/21/2007.

David Champagne, Ruby B. Lee (2006). Scope of DDoS Countermeasures: Taxonomy of Proposed Solutions and Design Goals for Real-World Deployment. 8th International Symposium on Systems and Information Security (SSI'2006), November 2006. Keywords: DDoS Countermeasures, Design Goals, Distributed Denial of Service (DDoS), Taxonomy.
Distributed Denial of Service (DDoS) attacks have been plaguing the Internet for several years.
They cause economic losses due to the unavailability of services and potentially serious security problems due to incapacitation of critical infrastructures. Such severe implications lead the research community to strive to find DDoS countermeasures. In spite of all the ideas that have been developed, a practical and comprehensive defense system has yet to be deployed Internetwide. Through a novel taxonomy, this paper classifies and describes DDoS countermeasures developed by industry and academia. To our knowledge, our taxonomy is the first to unify such a large body of work into a single, detailed classification. Based on the analysis of these ideas, we then introduce design goals and principles that can guide the development of a practical DDoS solution. http://palms.ee.princeton.edu/PALMSopen/champagne06DDoS.pdf 3 Potlapally, Nachiketh Raghunathan, Anand Ravi, Srivaths Jha, Niraj Lee, Ruby B. 2006 Satisfiability-based Framework for Enabling Side-channel Attacks on Cryptographic Software Proceedings of the Conference on Design, Automation and Test in Europe (DATE 2006) Munich, Germany 18-23 March 2006 http://palms.ee.princeton.edu/PALMSopen/potlapally06satisfiability.pdf 0 Lee, Ruby B. Yang, Xiao Shi, Zhijie Jerry 2005 Single-Cycle Bit Permutations with MOMR Execution Journal of Computer Science and Technology 20 5 577-585 September 2005 permutation, bit permutations, cryptography, cryptographic acceleration, security, multi-word operation, datarich execution, MOMR, instruction set architecture, ISA, processor, high performance secure computing http://palms.ee.princeton.edu/PALMSopen/lee05single-cycle.pdf 3 Kocher, Paul Lee, Ruby B. 
McGraw, Gary Raghunathan, Anand Ravi, Srivaths 2004 Security as a New Dimension in Embedded System Design Proceedings of the 41st Design Automation Conference (DAC 2004) San Diego, California, USA 753-760 June 2004 http://palms.ee.princeton.edu/PALMSopen/Lee-41stDAC_46_1.pdf 3 Dwoskin, Jeffrey Basu, Sujoy Talwar, Vanish Kumar, Raj Kitson, Fred Lee, Ruby B. 2003 Scoping Security Issues for Interactive Grids Proceedings of the 37th Asilomar Conference on Signals, Systems, and Computers Pacific Grove, California, USA 367-373 Nov. 2003 http://palms.ee.princeton.edu/PALMSopen/dwoskin03scoping.pdf 3 Shi, Zhijie Lee, Ruby B. 2002 Subword Sorting with Versatile Permutation Instructions Proceedings of the International Conference on Computer Design (ICCD 2002) Freiburg, Germany 234-241 Sept. 2002 http://palms.ee.princeton.edu/PALMSopen/shi02subword.pdf 3 Ravi, Srivaths Raghunathan, Anand Potlapally, Nachiketh 2002 Securing Wireless Data: System Architecture Challenges Proceedings of the 15th IEEE International Symposium on System Synthesis (ISSS 2002) Kyoto, Japan 195-200 Oct. 2002 http://palms.ee.princeton.edu/PALMSopen/ravi02securing.pdf 3 Ravi, Srivaths Raghunathan, Anand Potlapally, Nachiketh Shankardass, Murugan 2002 System Design Methodologies for a Wireless Security Processing Platform Proceedings of the 39th ACM/IEEE Design Automation Conference (DAC 2002) New Orleans, Louisiana, USA 777-782 June 2002 http://palms.ee.princeton.edu/PALMSopen/ravi02system-level.pdf 3 Lee, Ruby B. 2000 Subword Permutation Instructions for Two-Dimensional Multimedia Processing in MicroSIMD Architectures Proceedings of the IEEE International Conference on Application-Specific Systems, Architectures and Processors (ASAP 2000) Boston, Massachusetts, USA 3-14 July 2000 http://palms.ee.princeton.edu/PALMSopen/lee00subword.pdf 0 Jakub Szefer Jason Bau John C. Mitchell Ruby B. 
Lee 2011 Trust but Verify: Trust Evidence for Hypervisor-Secure Virtualization Princeton University Department of Electrical Engineering Technical Report CE-L2011-008 Nov. 16, 2011 3 Chun Hok Ho Wayne Luk Jakub M. Szefer Ruby B. Lee 2009 Tuning Instruction Customisation for Reconfigurable System-on-Chip Proceedings of the 22nd IEEE International SOC Conference Sept. 9-11, 2009 This paper describes four techniques for tuning instruction customisation for reconfigurable SoC devices. The proposed approach has been used in deriving custom instructions for advanced bit manipulation applications for the Xilinx MicroBlaze processor. We show that for a transfer coding application, a custom instruction with an increase of 13% in area can result in performance improvement of over 33 times. 3 David Champagne Reouven Elbaz Ruby B. Lee 2008 The Reduced Address Space for Application Memory Authentication Proceedings of the 11th Information Security Conference (ISC'08) September 2008 3 Elbaz, Reouven Champagne, David Lee, Ruby B. Torres, Lionel Sassatelli, Gilles Guillemin, Pierre 2007 TEC-Tree: A Low Cost, Parallelizable Tree for Efficient Defense against Memory Replay Attacks Proc. Workshop on Cryptographic Hardware and Embedded Systems (CHES 2007) Vienna, Austria 289-302 September 2007 Replay attacks are often the most costly attacks to thwart when dealing with off-chip memory integrity. With a trusted System-on-Chip, the existing countermeasures against replay require a large amount of on-chip memory to provide tamper-proof storage for metadata such as hash values or nonces. Tree-based strategies can be deployed to reduce this unacceptable overhead; for example, the well-known Merkle tree technique decreases this overhead to a single hash value. However, it comes at the cost of performance-killing characteristics for embedded systems ? e.g. non-parallelizable hash computations on tree updates. 
In this paper, we propose an alternative solution: the Tamper-Evident Counter Tree (TEC-Tree). It allows for tamper-evident off-chip storage of the nonces involved in a replay countermeasure; TEC-Tree parallelizes the computations involved in both the authentication and tree update processes. Moreover, because our tree relies on block encryption, it provides data confidentiality at no extra cost. TEC-Tree is a deployable solution for memory integrity, with low performance hit and hardware cost. Lecture Notes in Computer Science (LNCS) Volume 4727 31 Elbaz, Reouven Champagne, David Lee, Ruby B. 2007 TEC-Tree: A Low Cost and Parallelizable Tree for Efficient Defense against Memory Replay Attacks Princeton University Department of Electrical Engineering Technical Report CE-L2007-002 March 2007 3 Ruby B. Lee 2016 Using Moving Target Defense for Secure Hardware Design Princeton University Department of Electrical Engineering Technical Report CE-L2016-002 3 Pramod A. Jamkhedkar Christopher C. Lamb Gregory L. Heileman 2011 Usage Management in Cloud Computing in Proceedings of the International Conference on Cloud Computing (IEEE Cloud) July 4-9, 2011 0 Ganesha Bhaskara Timothy E. Levin Thuy D. Nguyen Cynthia E. Irvine Terry V. Benzel Jeffrey S. Dwoskin Ruby B. Lee 2006 Virtualization of a Processor-based Crypto-Protection Mechanism and Integration within a Separation Kernel Architecture Princeton University Department of Electrical Engineering Technical Report CE-L2006-006 November 2006 http://palms.ee.princeton.edu/PALMSopen/techreports/bhaskara06virtualization.pdf 3 Lee, Ruby B. Yang, Xiao Shi, Zhijie Jerry 2004 Validating Word-oriented Processors for Bit and Multi-Word Operations Proceedings of the Asia-Pacific Computer Systems Architecture Conference (ACSAC 2004) Beijing, China 473-488 Sept. 2004 http://palms.ee.princeton.edu/PALMSopen/lee04validating.pdf 3 Fiskiran, Murat Lee, Ruby B. 
2002 Workload Characterization of Elliptic Curve Cryptography and other Network Security Algorithms for Constrained Environments Proceedings of the 5th IEEE Annual Workshop on Workload Characterization (WWC-5) Austin, Texas, USA 127-137 Nov. 2002 http://palms.ee.princeton.edu/PALMSopen/fiskiran02workload-presentation-with-reference.pdf