Hardware-Assisted Software Security
The exponential growth of computing power available on commodity hardware has led to a similar increase in software complexity. Modern software is typically large, carries legacy code, and is assembled from subcomponents that come from different vendors and follow different security models. Because of this complexity and heterogeneity, it is very challenging to reason about the security properties of any modern program.
A number of software techniques have been proposed to mitigate these problems. Many of them are based on *integrity* or *isolation*. Software integrity techniques define a policy describing what the software should and should not do, and enforce that policy at run time. As an example, Control-Flow Integrity (CFI) enforces which control-flow transfers are legal and which are not, i.e., which function may call which other function, and to which call site each function may return, at any given moment.
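To make the CFI policy described above concrete, the following added example (not the group's code) simulates what a CFI mechanism checks: a static forward-edge policy lists the functions each indirect call site may reach, and a shadow stack records the only legal return address for each active call. A recorded trace of transfers is checked against both. All call-site and function names are constructed for the example.

```python
"""Illustrative CFI monitor (added example, not the group's own code).
A static policy says which indirect call sites may reach which functions
(forward edges); a shadow stack says where each function may return
(backward edges). A trace of transfers is checked against both at run time.
All site and function names below are constructed for this example."""
from collections import namedtuple

# kind is "call" or "ret"; src/dst are symbolic labels standing in for
# addresses. For a call, src is the call site and dst the callee;
# for a return, src is the returning function and dst the return address.
Transfer = namedtuple("Transfer", "kind src dst")

# Forward-edge policy: allowed targets per indirect call site (constructed),
# as a static analysis (e.g. by function-pointer type) would produce.
CALL_POLICY = {
    "main.call1": {"parse_request", "parse_header"},
    "dispatch.call1": {"handle_get", "handle_post"},
}


def check_trace(trace, policy=CALL_POLICY):
    """Return None if every transfer in the trace is legal under the policy,
    otherwise a string describing the first violation."""
    shadow_stack = []  # return addresses pushed on call, popped on return
    for i, t in enumerate(trace):
        if t.kind == "call":
            allowed = policy.get(t.src)
            if allowed is None:
                return f"#{i}: call from unknown site {t.src}"
            if t.dst not in allowed:
                return f"#{i}: {t.src} -> {t.dst} not in policy"
            shadow_stack.append(t.src)  # the only legal return address
        elif t.kind == "ret":
            if not shadow_stack:
                return f"#{i}: return from {t.src} with empty shadow stack"
            expected = shadow_stack.pop()
            if t.dst != expected:
                return f"#{i}: return to {t.dst}, expected {expected}"
        else:
            return f"#{i}: unknown transfer kind {t.kind!r}"
    return None


# Constructed traces: one legal run, one hijacked forward edge (e.g. an
# overwritten function pointer), one corrupted return address.
LEGAL = [
    Transfer("call", "main.call1", "parse_request"),
    Transfer("ret", "parse_request", "main.call1"),
    Transfer("call", "dispatch.call1", "handle_get"),
    Transfer("ret", "handle_get", "dispatch.call1"),
]
BAD_CALL = [Transfer("call", "dispatch.call1", "handle_admin")]
BAD_RET = [
    Transfer("call", "main.call1", "parse_request"),
    Transfer("ret", "parse_request", "dispatch.call1"),
]

if __name__ == "__main__":
    for name, trace in (("legal", LEGAL), ("bad call", BAD_CALL), ("bad ret", BAD_RET)):
        print(name, "->", check_trace(trace) or "ok")
```

The two checks correspond to the two halves of the policy in the text: the forward-edge set answers "which function may call which", and the shadow stack answers "where may it return, right now". A hardware implementation performs the same comparisons on real addresses at each indirect branch instead of over a recorded trace.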
Software isolation techniques protect one component of a program against other, potentially vulnerable, components. As an example, the TLS implementation in an HTTPS server can be isolated from a buggy PHP interpreter.
Both software integrity and isolation techniques can be implemented purely in software; however, the performance overhead is often significant. An alternative approach is to implement part of the mechanism in hardware, which yields substantially better performance. Our research group has proposed a number of hardware extensions that facilitate policies such as CFI.
Hardware-based isolation is especially powerful: not only does it allow a software component to be completely isolated (in a *Trusted Execution Environment*, TEE) with low overhead, but it can also enable *remote attestation*, i.e., a process by which a third party obtains cryptographic proof that a specific program is executing inside the isolated environment. All major processor vendors have introduced some form of hardware-based isolation: ARM’s TrustZone, Intel’s Software Guard Extensions (SGX), and AMD’s Secure Encrypted Virtualization (SEV).
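The remote attestation process mentioned above, as an added example that is not part of the original page and not any vendor's protocol: the platform measures the code loaded into the isolated environment, a hardware-held key signs a report binding that measurement to a nonce the verifier chose, and the verifier checks authenticity, freshness and the expected measurement in that order. HMAC-SHA256 stands in for the vendor's asymmetric quote signature, so the verifier shares the key here; real deployments give the verifier only a public key or certificate chain. All keys, code bytes and names are constructed.

```python
"""Simulated remote attestation exchange (added example, not the group's
code). The platform measures the code loaded into the isolated environment
and a hardware-held key signs a report binding that measurement to a
verifier-chosen nonce. HMAC-SHA256 stands in for the vendor's asymmetric
quote signature, so the verifier here shares the key; in a real deployment
it would hold only a public key or the vendor's certificate chain.
All keys, code bytes and names are constructed for this example."""
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

# Constructed: stands in for a key fused into the processor at manufacture.
HW_ATTESTATION_KEY = b"constructed-hardware-attestation-key"

# Constructed stand-in for the enclave image the verifier expects to see.
ENCLAVE_CODE = b"enclave image v1: tls_handshake, key_store"
EXPECTED_MEASUREMENT = hashlib.sha256(ENCLAVE_CODE).hexdigest()


def _mac(body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(HW_ATTESTATION_KEY, payload, hashlib.sha256).hexdigest()


def platform_report(code: bytes, nonce: str, report_data: str) -> dict:
    """Platform side: measure the loaded code, bind the nonce and any data
    the enclave wants to convey (e.g. its public key), and sign."""
    body = {
        "measurement": hashlib.sha256(code).hexdigest(),
        "nonce": nonce,
        "report_data": report_data,
    }
    return {"body": body, "tag": _mac(body)}


class Verifier:
    """Remote party: issues fresh nonces and checks reports against them."""

    def __init__(self, expected_measurement: str):
        self.expected = expected_measurement
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, report: dict) -> Tuple[bool, str]:
        body = report["body"]
        # 1. Authenticity: did the hardware key really sign this body?
        if not hmac.compare_digest(_mac(body), report["tag"]):
            return False, "bad signature"
        # 2. Freshness: the nonce must be one we issued and not used before.
        if body["nonce"] not in self.outstanding:
            return False, "stale or unknown nonce (replay)"
        self.outstanding.discard(body["nonce"])
        # 3. Identity: the measured code must be the code we expect.
        if body["measurement"] != self.expected:
            return False, "unexpected measurement"
        return True, "ok"


def run_exchange(code: bytes, verifier: Verifier, tamper: Optional[dict] = None):
    """One full exchange; `tamper` overwrites report fields after signing,
    which is what an attacker on the path between the two sides could do."""
    nonce = verifier.challenge()                          # verifier -> platform
    report = platform_report(code, nonce, "pk:enclave")   # platform -> verifier
    if tamper:
        report["body"].update(tamper)
    return verifier.verify(report)


if __name__ == "__main__":
    v = Verifier(EXPECTED_MEASUREMENT)
    print(run_exchange(ENCLAVE_CODE, v))
    print(run_exchange(ENCLAVE_CODE + b" (patched)", v))
    print(run_exchange(ENCLAVE_CODE + b" (patched)", v,
                       tamper={"measurement": EXPECTED_MEASUREMENT}))
```

The order of the checks matters: a report whose measurement field was rewritten after signing fails on the signature, a modified enclave fails on the measurement, and a genuine report presented a second time fails on the nonce, so the verifier never trusts a measurement it has not both authenticated and tied to its own challenge.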
Our group has extensively researched a number of topics related to TEE security, including memory-corruption and side-channel attacks, and randomization-based defenses. Additionally, we have researched how existing TEEs can be improved with additional isolation.