Welcome! A Solder-Defined Computer Architecture for Backdoor and Malware Resistance Examinee: Marc W. Abel Committee: Travis Doom, Ph.D. (chair) Jack Jean, Ph.D. Michael Raymer, Ph.D. Krishnaprasad Thirunarayan, Ph.D. (T.K. Prasad) Vincent Schmidt, Ph.D. (Air Force Research Laboratory) For slides: https://wakesecure.com Department of Computer Science and Engineering Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 1 / 28
Welcome! Today’s conversation Introduction 1 Why computer hardware is a serious problem Aspiration 2 A logic family for solder-defined architectures Combinational logic 3 Arithmetic logic unit Sequential logic 4 Central processing unit Closing 5 Contributions, milestones, and questions Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 2 / 28
Why computer hardware is a serious problem To increase security, reduce complexity SECURITY COMPLEXITY Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 3 / 28
Why computer hardware is a serious problem What’s wrong with our hardware? Too complex Not well controlled by buyers Does not consider needs of software Not enough alternatives Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 4 / 28
Why computer hardware is a serious problem Categories of vulnerability-inducing hardware irregularities Category I II III Origin purposeful unexpected malicious Example arithmetic wrap RowHammer hidden backdoor Software fix? yes no no VLSI fix? yes yes no Manufacturing fix? yes yes yes Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 5 / 28
Why computer hardware is a serious problem Category I example: Integer wraparound (Category I irregularities exist for a purpose.) C programmers used to write: c = a + b; Today, they would need to write: if (b > 0 && a > (INT_MAX - b) || b < 0 && a < (INT_MIN - b)) longjmp(CATCHIT, SIGNED_ADD_OVERFLOW); else c = a + b; Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 6 / 28
Why computer hardware is a serious problem Some well-known Category II irregularities (Category II irregularities are unplanned and unexpected.) When Architecture Name Synopsis 1985 80386 multiply bug arithmetic error 1994 Pentium FDIV arithmetic error 1998 Pentium F00F lockup 2003 Via C3 God mode privilege escalation 2008 Intel AMT Silent Bob full control of everything 2015 DRAM RowHammer memory corruption 2017 x86 Spectre read others’ memory 2017 x86, POWER, ARM Meltdown read all memory 2020 Intel SGX load value inj. inject data values 2020 Intel CSME [M. Ermolov] broken authentication Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 7 / 28
Why computer hardware is a serious problem Actual and rumored Category III exploits (Category III irregularities are intentionally malicious.) Who Architecture Synopsis AMD Platform Security Processor hypothesized backdoor Apple iPhone 6 + iOS 10.2.1 sabotaged performance Deere 8520T tractor right to repair infringements Huawei 5G cellular infrastructure potential for China influence Intel Management Engine hypothesized backdoor Intel RDRAND instruction non-randomness suspicions NSA ANT Catalog implantable surveillance products VIA C3 (x86 clone) backdoors claimed by C. Domas ZTE 5G cellular infrastructure potential for China influence Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 8 / 28
Why computer hardware is a serious problem Proposed Category III countermeasures Proponent Synopsis Michael Pompeo geopolitical controls Adam Waksman lock down VLSI supply chain Eric Love add formal proofs of security to hardware IP Mirko Holler X-ray ptychographic inspection This proposal Marc Abel complex logic to be built by end user Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 9 / 28
Why computer hardware is a serious problem The work of this proposal targets all categories Category I II III Origin purposeful unexpected malicious Example arithmetic wrap RowHammer hidden backdoor Software fix? yes no no VLSI fix? yes yes no Manufacturing fix? yes yes yes Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 10 / 28
A logic family for solder-defined architectures Computers were once BIG The speaker using an IBM 1130. Norwester , 62, p. 73 (1986). Used with permission. Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 11 / 28
A logic family for solder-defined architectures SRAM logic gate During operation During initialization input input 16 16 address address write SRAM SRAM enable ctrl data data 16 16 16 ✁ rmware ¬ctrl output output Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 12 / 28
A logic family for solder-defined architectures SRAM logic gate sample application Slot Use 0 L + R 1 L − R L R 2 R − L 3 NOT L 4 L AND R 6 6 5 L NAND R 6 L OR R 4 operation 7 L NOR R SRAM select 8 L XOR R 9 L AND NOT R 10 L × R, low 6 bits 6 11 L × R, high 6 bits 12 shifts/rotations of L (select by R) Y 13 permutations of L (select by R) 14 L encrypted with key R 15 L decrypted with key R Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 13 / 28
Arithmetic logic unit Block diagram of 36-bit ALU α op sel left operand L 2 right operand R 0 4 6 6 α 5 α 3 α 0 α 4 α 2 α 1 propagate p 5 β op sel c 5 4 carry β 5 β 4 β 3 β 2 β 1 β 0 θ γ op sel d 5 3 carry decision γ 5 γ 4 γ 3 γ 2 γ 1 γ 0 6 to zero-detect NAND result Y 2 Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 14 / 28
Arithmetic logic unit Flag handling for 36-bit ALU γ 5 γ 5 idea of N 3 θ op sel control θ new N control α 5 idea prev T of N which N? prev R new R ζ prev Z new T prev N new I ζ op sel flip Z? 4 Z allowed new Z α 5 encoded range addl sel 6 4 γ i is zero Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 15 / 28
Arithmetic logic unit CPU flag meanings Flag Name Purpose I Interrupt array bound check failed N Negative arithmetic: result < 0; logic: bit 35 set R Range a previous result did not fit destination T Temporal range the most recent result did not fit destination Z Zero result is all zeros Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 16 / 28
Arithmetic logic unit 32 supported subtraction operations ; The assembler for the ALU simulation uses this syntax. unsigned au bu cu signed as bs cs ; ordinary ; subtract ; reverse ; reverse subtract ; subtract ; with carry ; subtract ; with carry cu = au - bu cu = au -- bu cu = au ~- bu cu = au ~-- bu cu = au - bs cu = au -- bs cu = au ~- bs cu = au ~-- bs cu = as - bu cu = as -- bu cu = as ~- bu cu = as ~-- bu cu = as - bs cu = as -- bs cu = as ~- bs cu = as ~-- bs cs = au - bu cs = au -- bu cs = au ~- bu cs = au ~-- bu cs = au - bs cs = au -- bs cs = au ~- bs cs = au ~-- bs cs = as - bu cs = as -- bu cs = as ~- bu cs = as ~-- bu cs = as - bs cs = as -- bs cs = as ~- bs cs = as ~-- bs Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 17 / 28
Arithmetic logic unit Screenshot from ALU simulation Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 18 / 28
Central processing unit Projected CPU capabilities and metrics 36-bit architecture 10 MIPS preemptive multitasking memory protection I/O bus protection 20 × 20 cm approximate size first unit cost < $1000 Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 19 / 28
Central processing unit Potential applications Fast enough for Too slow for hardened desktop applications most Web surfing electronic mail machine learning light- to moderate-use servers image and video processing control objects that move self-driving vehicles process controls fast raster or vector graphics peripheral and device controllers fast symmetric cryptography telephony fast asymmetric cryptography modest Ethernet switches micro air vehicles Marc W. Abel A Solder-Defined Computer Architecture 9 September 2020 20 / 28
call depth call depth * * call depths call depths counter counter CPU cycle depiction with static program program return return * * addresses addresses counter counter RAM drawn as boxes code RAM code RAM Figure enlarged on proposal page 29 register le register le register le register le instruction instruction * * * * left copy left copy right copy right copy decoder decoder ag ag † † immediate immediate * * ALU ALU registers registers value insertion value insertion † † † † ALU ALU ALU ALU overrange overrange † † † † ALU ALU detection detection update update * * page table page table update ags update ags register les register les asynchronous asynchronous data RAM data RAM input & output input & output memory/register memory/register * Additional input speci es the program that is running. * Additional input speci es the program that is running. transfer transfer † Additional input comes from the instruction decoder. † Additional input comes from the instruction decoder.
Recommend
More recommend
