Verifiable Hardware Security for Out-of-Order Processors

Security vulnerabilities in software have led to increasingly serious security breaches in recent years, not least because of our dependence on IT infrastructure, which continues to rise with digitization. Processor hardware has long been seen as a reliable and powerful trust anchor - until Spectre and Meltdown, a new class of side-channel attacks, became known in January 2018. Since then, hardware security has become the focus of research and the general public, as evidenced by numerous articles in media outlets around the world.

Spectre and Meltdown belong to the class of so-called Transient Execution attacks. These attacks are particularly serious for hardware-backed security mechanisms, especially secure execution environments (TEEs) such as Intel SGX and ARM Trustzone. TEEs enable secure enclaves that protect processes through hardware-assisted isolation - particularly against privileged system-level attacks, such as compromised operating systems.

This project is motivated by two observations: (I) security vulnerabilities in software result in increasingly serious data breaches and compromised systems, (II) a steady stream of newly discovered microarchitecture attacks undermines confidence in existing models in hardware security. Both of these problems can be solved through a combination of improved hardware as well as better hardware design techniques. Rather than responding to each attack with ad hoc solutions, this project aims to ensure a systematic approach to detecting and protecting against these attacks during the design phase as well as at the hardware level. Specifically, (I) a secure execution environment without vulnerabilities will protect processes from system vulnerabilities and (II) a verifiable side-channel-free processor will ensure that logical separation of processes within the CPU is truly effective and not undermined by design flaws in the hardware.

This project will develop new Electronic Design Automation (EDA) techniques to design microarchitectures that are protected against specific classes of side-channel attacks, including Transient Execution attacks. Building on these side-channel resistance verification tools, the project is exploring new side-channel resistant TEE technology that creates hardware-based trust anchors - a stated goal of this SPP - for the microarchitecture of modern processors. Using the developed tools and TEE, open RISC-V-based processors will be analyzed and made more secure.



This project is funded by Deutsche Forschungsgemeinschaft (DFG).