Hardware-Assisted Defenses for Data Integrity and Confidentiality

Abstract

The increasing complexity of modern computing systems and their exposure to the internet expose sensitive data to a range of security threats from remote adversaries. Bugs in software can lead to run-time attacks that gain direct access to sensitive data in memory, compromising its integrity and confidentiality. Furthermore, hardware and/or compiler optimizations can introduce data-dependent behavior that expose sensitive data to side-channel leakage, even in the absence of software bugs, breaking confidentiality.

As business needs evolve, different usage scenarios, such as outsourced computation, have gained popularity, making the task of protecting data integrity and confidentiality more complex. This dissertation investigates how the integrity and confidentiality of sensitive data at run-time can be efficiently preserved through hardware-assisted mechanisms. I consider a range of usage scenarios and threat models, from protecting data sent to remote servers for outsourced computation by untrusted code, to protecting data processed locally from other vulnerable or malicious parts of the system.

Specifically, this dissertation addresses: 1. how to efficiently protect data confidentiality against side-channel leakage with negligible overheads. Existing solutions to side-channel leakage suffer from significant overheads, making their deployment difficult in situations where performance is critical. I address this problem with CacheSquash, a software-transparent hardware mechanism to effectively harden against transient side-channel attacks such as Spectre and Meltdown with near-zero overheads. 2. How to combine protections against both direct access and side channels. I propose BliMe, a novel architecture that relies on remote attestation, taint-tracking and hardware-enforced data obliviousness to protect sensitive data processed by untrusted code in an outsourced computation setting. 3. For integrity, I propose PBI, a novel hardware primitive that enables efficient memory protection for sandboxing and in-process isolation, thereby safeguarding both data confidentiality and integrity. 4. Finally, I address how to efficiently combine memory safety and side-channel protection mechanisms for data integrity and confidentiality. For this, I propose BLACKOUT, a hardware-software extension to CHERI that enforces data-oblivious computation on sensitive data, and inherits the memory safety properties of CHERI, all while introducing minimal overheads.

The proposed solutions confirm that hardware-assisted mechanisms can indeed be used to efficiently protect data at run-time, both from direct access and side-channel leakage. I conclude my dissertation with promising directions for future work.