Talk: Securing Systems on Top of Insecure Hardware
Andrew Kwong: Ph.D. Candidate, University of Michigan, Computer Science and Engineering Department
LIVE STREAM: https://uwmadison.zoom.us/j/97698143977?pwd=UkNlcmxUSW1RUnFmUDZZaW1neWl3Zz09
Abstract: The gap between abstract models used to reason about the security of systems and the reality of implementing them on imperfect hardware often has subtle security ramifications. In recent years, “side-channel” attacks have exploited this gap to extract sensitive information across nearly all hardware-backed security domains, resulting in even secure, well-designed software systems being compromised.
My work on modeling the attack surface exposed by side-channels lays the foundation for how to effectively secure computer systems against these attacks in a principled manner. In this talk, I will present some of my work on analyzing and uncovering adversarial capabilities with regard to side-channels against memory integrity (i.e., Rowhammer) and cryptographic systems, trusted execution environments (TEE), and speculative execution attacks. I’ll also discuss the real-world impact of my research, and how it has resulted in hardening widely deployed systems, including OpenSSH, Intel’s Software Guard Extensions (SGX), and Chrome’s Password Leak Detection service.
Minibio: Andrew Kwong is a Ph.D. candidate in the University of Michigan’s Computer Science and Engineering Department. His research in hardware security at the intersection between software, hardware, and applied cryptography aims to secure the next generation of computers against side-channel attacks. His work focuses on real-world systems, and as a direct result, millions of computers have been hardened against side-channels via kernel patches, countermeasures in popular software libraries, and CPU microcode updates. Accordingly, his research has been highlighted in popular media outlets, including Ars Technica, Wired, ZDNet, and The Register, among others.