RISE Seminar 11/15/19: Shrinking the Attack Surface for Expressive Trusted Hardware, a talk by James Mickens

November 15, 2019

Title: Shrinking the Attack Surface for Expressive Trusted Hardware
Speaker: James Mickens (Harvard)
Date and location: Friday, November 15, 11 – 12 pm, Wozniak Lounge
Abstract: Trusted hardware attempts to provide software with silicon-guaranteed security, for some definition of “security.” Unfortunately, modern trusted hardware is either too simple to provide rich notions of security (see TPM chips), or is sufficiently complex that the secure hardware itself is vulnerable to microarchitectural exploits (see SGX and TrustZone). In this talk, I will describe some of these troubling aspects of the human condition. I will then describe some of my research into making these problems less problematic. The basic idea is to run application code on a traditional out-of-order, speculative pipeline, while running a security monitor for the application code on a different pipeline that has almost complete microarchitectural isolation from the application CPU. The “almost” in “almost complete isolation” is important—the monitor CPU requires access to some kind of application register state or memory state so that the state can be checked for control flow integrity or type safety or what not. Determining the subset of microarchitectural features to expose to the monitor CPU raises tricky questions that I will likely try to avoid answering because I am too delicate for the horrors of the world. Thus, the audience should not be surprised if I respond to honest inquiries by telling anecdotes about my childhood in Spain.
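The split the abstract describes, an application pipeline whose internals stay private and a monitor that sees only a narrow slice of its state, can be made concrete with a small simulation. The following is an added illustration written for this page, not code from the talk or from the speaker's research, and it assumes a design of my own choosing: the only state the application exposes is a stream of control-transfer events (kind, pc, target). With that slice the monitor can enforce control-flow integrity (a shadow stack for returns, an allowed-target set for indirect calls and jumps), but it cannot check type safety, since it never sees data memory; which properties are checkable is decided by what is exposed. Addresses, function names and the traces are constructed sample data.

```python
from dataclasses import dataclass
from typing import List, Set

# Hypothetical exposed-state format: one control transfer per event.
# Register contents and data memory never cross to the monitor.
@dataclass(frozen=True)
class CFEvent:
    kind: str    # "call" (direct), "icall" (indirect), "ret", "ijmp"
    pc: int      # address of the transferring instruction
    target: int  # destination address


class Monitor:
    """Stand-in for the isolated monitor pipeline.

    The shadow stack lives in monitor-private state, so a corrupted
    application stack cannot change what the monitor expects a return
    to look like. The allowed-target sets would come from the static
    CFG of the application (constructed here by hand)."""

    def __init__(self, call_targets: Set[int], jump_targets: Set[int],
                 insn_len: int = 4):
        self.call_targets = call_targets  # valid function entries for icall
        self.jump_targets = jump_targets  # valid destinations for ijmp
        self.insn_len = insn_len          # fixed-width ISA assumed
        self.shadow: List[int] = []
        self.violations: List[str] = []

    def observe(self, ev: CFEvent) -> None:
        if ev.kind in ("call", "icall"):
            if ev.kind == "icall" and ev.target not in self.call_targets:
                self.violations.append(
                    f"forward-edge: icall at {ev.pc:#x} to non-entry "
                    f"{ev.target:#x}")
            # Record the expected return address regardless, so checking
            # continues after a flagged event (a real monitor would halt).
            self.shadow.append(ev.pc + self.insn_len)
        elif ev.kind == "ret":
            if not self.shadow:
                self.violations.append(
                    f"backward-edge: ret at {ev.pc:#x} with empty shadow stack")
                return
            expected = self.shadow.pop()
            if ev.target != expected:
                self.violations.append(
                    f"backward-edge: ret at {ev.pc:#x} to {ev.target:#x}, "
                    f"expected {expected:#x}")
        elif ev.kind == "ijmp":
            if ev.target not in self.jump_targets:
                self.violations.append(
                    f"forward-edge: ijmp at {ev.pc:#x} to {ev.target:#x}")
        else:
            self.violations.append(f"unknown event kind {ev.kind!r}")


def check_trace(events: List[CFEvent], call_targets: Set[int],
                jump_targets: Set[int]) -> List[str]:
    """Feed an exposed event stream to a fresh monitor; return violations."""
    m = Monitor(call_targets, jump_targets)
    for ev in events:
        m.observe(ev)
    return m.violations


# Constructed program layout: main at 0x1000, f at 0x2000, g at 0x3000,
# plus an unrelated gadget at 0x4000 that no legitimate edge reaches.
ENTRY_POINTS = {0x1000, 0x2000, 0x3000}
JUMP_TABLE = {0x2040, 0x2050}

# Benign run: main -> f (direct), f -> g (indirect), both return properly.
BENIGN_TRACE = [
    CFEvent("call", 0x1010, 0x2000),
    CFEvent("icall", 0x2020, 0x3000),
    CFEvent("ret", 0x3010, 0x2024),
    CFEvent("ret", 0x2030, 0x1014),
]

# Hijacked run: the indirect call lands mid-function and the final
# return is redirected to the gadget, as a ROP-style overwrite would do.
HIJACKED_TRACE = [
    CFEvent("call", 0x1010, 0x2000),
    CFEvent("icall", 0x2020, 0x3008),
    CFEvent("ret", 0x3010, 0x2024),
    CFEvent("ret", 0x2030, 0x4000),
]

if __name__ == "__main__":
    print("benign:", check_trace(BENIGN_TRACE, ENTRY_POINTS, JUMP_TABLE))
    for v in check_trace(HIJACKED_TRACE, ENTRY_POINTS, JUMP_TABLE):
        print("violation:", v)
```

The monitor here is deliberately blind to everything but the event stream; adding a memory view would let it check type safety but would also widen the channel between the two pipelines, which is the trade-off the abstract points at.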
Bio: James Mickens did not grow up in Spain. He is, however, a current professor of computer science at Harvard, and a former researcher at MSR Redmond. He got his bachelor’s degree from Georgia Tech, and his PhD from the University of Michigan. He is the author of somewhere between 3 and 915 papers; the exact number is irrelevant, but is big enough. His research focuses on systems, security, and informal reasons for not wanting to use formal methods.