Seminar: Hardware is the New Software: Automating the Security Validation of Hardware Designs

Abstract: Bugs in hardware designs can create vulnerabilities that open the machine to attack. Despite mature functional validation tools and new research in designing secure hardware, the question of how to find and recognize those bugs remains open. In response to this question, my students and I are developing the science of security validation of hardware designs. The first projects I will discuss are a set of security specification miners; each miner identifies security-critical properties of a design specified at the register transfer level. The miners range from semi-automatic to fully automatic, can express properties in propositional logic and temporal logic, and target both open-source RISC processors and x86. In a second set of papers, we developed Coppelia, a symbolic execution engine that explores a hardware design and generates complete exploits for the security bugs it finds. We use Coppelia and our set of generated security properties to find new bugs in the open-source RISC-V and OR1k CPU architectures. Finally, we build a tool that automatically translates security properties crafted for one design to make them suitable to a second design. Taken together, the body of research has the potential to move the current industry standard of manual security review forward to a new standard of systematic and automatic security validation of hardware designs. I will discuss some of the preliminary steps we have taken to effect tech transfer with a major chip company.

Bio: Cynthia Sturton is an Assistant Professor and Peter Thacher Grauer Fellow at the University of North Carolina at Chapel Hill. She leads the Hardware Security @ UNC research group to investigate the use of static and dynamic analysis techniques to protect against vulnerable hardware designs. Her research is funded by several National Science Foundation awards, the Semiconductor Research Corporation, Intel, a Junior Faculty Development Award from the University of North Carolina, and a Google Faculty Research Award. She was recently awarded the Computer Science Departmental Teaching Award at the University of North Carolina. Sturton received her B.S.E. from Arizona State University and her M.S. and Ph.D. from the University of California, Berkeley.