# 6.888 Secure Hardware Design

V 0.2

Mengjia Yan

Spring 2022





### Today's Agenda

- Introduce yourself
- Logistics
- Course Overview

## **Introduce Yourself**





#### **Basic Administrivia**

- Instructor:
  - Mengjia Yan mengjia@csail.mit.edu
  - Office: 32G-840
  - Office Hours: By Appointment
- TA:
  - Joseph Ravichandran jravi@mit.edu
  - Office: 32-G786
  - Office Hours: Tuesdays 5:00pm to 7:00pm, or by appointment

- Website: http://csg.csail.mit.edu/6.888Yan/
  - Paper readings
  - Syllabus
  - Assignments
- Piazza:
  - Announcements
  - Discussions
- *HotCRP*: Submit paper reviews

# **Course Logistics**





#### **Pre-requisites and Course Organization**

- Pre-requisite:
  - Basic computation structure course (6.004)

- Study hardware security problems; the course is research-oriented
- Each topic consists of:
  - An overview lecture
  - 1-2 paper discussion sessions
  - A lab assignment

### **Course Website**

http://csg.csail.mit.edu/6.888Yan/

Generally, paper discussions are scheduled on Monday, except for holidays.

#### **Recording:**

- Lectures and some recitations will be recorded.
- Paper discussions will not be recorded.



There is a Hack Day only for Lab 1. Note that the other labs **do not** have hack days.

#### **Assignments and Grading**

- Paper reviews (~1 paper/week) 15%
  - Summary + 1-2 discussion questions
  - Example: for the paper discussed on Monday, Feb 14, the first paper summary is DUE on Feb 13
- Discussion 15%
  - Discussion lead for 1 paper 10%
  - Participation 5%
- 5 Lab assignments 70%
  - Each lab 14%
  - A final project can replace labs 3, 4, and 5, and will be worth 42%

#### **Discussion Format**

- Every student will write a review for each paper
  - summary, comments on pros and cons, and key takeaways
  - 1-2 discussion questions
  - Due @midnight before each class
  - Submit via HotCRP (you can see others' reviews, anonymized, after submitting yours)
- Each paper will have one student as the lead presenter
  - 45-min presentation content + Discussion
  - Send slides to me 24 hours before the lecture

#### Hardware Security: The Evil and The Good

- Attack modern processors to understand HW vulnerabilities
- Know how to design defenses better



#### **5 Lab Assignments**

- Attacks on real processors:
  1. Cache-based Side Channel Attack
  2. Speculative Execution Attack
  3. Website Fingerprinting Attack
  4. Rowhammer Attack
  5. ASLR Bypassing





#### Lab Contributors



- Joseph Ravichandran
- Peter Deutsch
- Jack Cook
- Weon Taek Na
- Miguel Gomez-Garcia
- Yuheng Yang
- Mengyuan Li

6.888 - L1 Introduction

### **Final Project**

- Original research project
- Deliverables
  - Proposal (schedule pre-proposal meetings with me)
  - Weekly report (short and informal)
  - Final report + Final presentation
- Open-ended topics
  - Must have some hardware security angle

### **Collaboration Policy and Warning**

- Discussions are always encouraged.
- You should carefully acknowledge all contributions of ideas by others, whether from classmates or from sources you have read.
- <u>MIT academic integrity</u> guidelines

#### Warning

- Please don't attack other people's computers or information without their prior permission.
- <u>MIT network rules</u>

## **Course Overview**





#### **Refresh Basic Computer Architecture**

On blackboard

#### **Threat Model and Why Hardware Security?**



Computing Systems

#### Meltdown & Spectre on the Headlines in 2018

> **Meltdown and Spectre: 'worst ever' CPU bugs affect virtually all computers**
>
> Everything from smartphones and PCs to cloud computing affected by major security flaw found in Intel and other processors – and fix could slow devices.

Quotes from
https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-worst-cpu-bugs-ever-found-affect-computers-intel-processors-security-flaw





**It is not a bug!**

The attacks target the key micro-architecture mechanism of processors: speculative execution.



#### Meltdown & Spectre Break Memory Isolation

```
meltdown@meltdown: ./meltdown
e01d8110: 61 78 20 6f 72 20 73 74 61 74 65 20 6d 61 63 68 |ax or state mach|
e01d8120: 69 6e 65 2c 20 69 74 20 69 73 20 62 65 69 6e 67 |ine, it is being|
e01d8130: 20 75 73 65 64 20 77 69 74 68 20 61 75 74 68 6f | used with autho|
e01d8140: 72 69 7a 61 74 69 6f 6e 20 66 72 6f 6d 0a 20 53 |rization from. S|
e01d8150: 69 6c 69 63 6f 6e 20 47 72 61 70 68 69 63 73 2c |ilicon Graphics,|
e01d8160: 20 49 6e 63 2e 20 20 48 6f 77 65 76 65 72 2c 20 | Inc. However, |
e01d8170: 74 68 65 20 61 75 74 68 6f 72 73 20 6d 61 6b 65 |the authors make|
e01d8180: 20 6e 6f 20 63 6c 61 69 6d 20 74 68 61 74 20 4d | no claim that M|
e01d8190: 65 73 61 0a 20 69 73 20 69 6e 20 61 6e 79 20 77 |esa. is in any w|
e01d81a0: 61 79 20 61 20 63 6f 6d 70 61 74 69 62 6c 65 20 |ay a compatible |
e01d81b0: 72 65 70 6c 61 63 65 6d 65 6e 74 20 66 6f 72 20 |replacement for |
e01d81c0: 4f 70 65 6e 47 4c 20 6f 72 20 61 73 73 6f 63 69 |OpenGL or associ|
e01d81d0: 61 74 65 64 20 77 69 74 68 0a 20 53 69 6c 69 63 |ated with. Silic|
e01d81e0: 6f 6e 20 47 72 61 70 68 69 63 73 2c 20 49 6e 63 |on Graphics, Inc|
e01d81f0: 2e 0a 20 2e 0a 20 54 68 69 73 20 76 65 72 73 69 |.... This versi|
e01d8200: 6f 6e 20 6f 66 20 4d 65 73 61 20 70 72 6f 76 69 |on of Mesa provi|
```

Dump kernel memory content from an **unprivileged** user process.



#### Why Do We Have So Many Hardware Vulnerabilities?



*Computer Architecture Design Goals* 


# **Preview of Selected Topics**





#### **Micro-architecture Side Channels**



[\*] Kiriansky et al. DAWG: a defense against cache timing attacks in speculative execution processors. MICRO'18


#### **Oblivious Programming**








#### **Physical Attacks**

ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

- Modern physical side channels can be done remotely



#### **Memory Safety**

- Classical memory corruption bugs
  - E.g., buffer overflow
- HW: accelerators for security checks
- A more interesting question: what is a good abstraction?
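As an added illustration (not code from the course slides), the classic unchecked buffer write sits beside a bounds-checked "fat pointer" abstraction of the kind a hardware check could enforce on every access; the struct and function names are hypothetical, and the 8-byte buffer with a canary byte behind it is a constructed test layout.

```c
/* Added example: an unchecked copy versus a pointer that carries its bounds.
 * All names are hypothetical; the frame layout below is constructed for the demo. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Demonstration layout: an 8-byte buffer followed by a canary byte.
 * The padding keeps the 16-byte test payload inside the struct object. */
typedef struct {
    uint8_t buf[8];
    uint8_t canary;
    uint8_t pad[7];
} frame_t;

/* Raw pointer: the callee has no idea how large 'dst' really is. */
static void unchecked_write(uint8_t *dst, const uint8_t *src, size_t n) {
    memcpy(dst, src, n);                      /* runs past buf[] when n > 8 */
}

/* Pointer plus bounds: the same information a hardware capability or a
 * bounds-checking accelerator would carry and check on each load/store. */
typedef struct { uint8_t *base; size_t len; } fatptr_t;

/* Performs the copy and returns true only if [off, off+n) lies inside dst. */
static bool checked_write(fatptr_t dst, size_t off, const uint8_t *src, size_t n) {
    if (off > dst.len || n > dst.len - off)   /* phrased to avoid off+n wrapping */
        return false;
    memcpy(dst.base + off, src, n);
    return true;
}

/* Both helpers copy n bytes of 'A' (n <= 16) into the 8-byte buffer and
 * report whether the canary behind it survived. */
static bool canary_survives_unchecked(size_t n) {
    frame_t f = { {0}, 0xAA, {0} };
    uint8_t payload[16];
    memset(payload, 'A', sizeof payload);
    unchecked_write(f.buf, payload, n);       /* n > 8 overwrites the canary */
    return f.canary == 0xAA;
}

static bool canary_survives_checked(size_t n) {
    frame_t f = { {0}, 0xAA, {0} };
    uint8_t payload[16];
    memset(payload, 'A', sizeof payload);
    fatptr_t p = { f.buf, sizeof f.buf };
    (void)checked_write(p, 0, payload, n);    /* rejected outright when n > 8 */
    return f.canary == 0xAA;
}
```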



# Next: Secure Processors in Industry



