Accelerating Microarchitectural Security Research: A Domain-Specific Language Approach

Event details
Date | 02.06.2025 |
Hour | 12:00 › 14:00 |
Speaker | Guokai Chen |
Location | |
Category | Conferences - Seminars |
EDIC candidacy exam
Exam president: Prof. Babak Falsafi
Thesis advisor: Prof. Thomas Bourgeat
Co-examiner: Prof. Mathias Payer
Abstract
Microarchitectural attacks exploit vulnerabilities in CPU components, posing significant threats to modern computing systems. However, current microarchitectural security research relies heavily on hand-crafted, platform-specific code that tends to entangle high-level attack concepts with low-level microarchitectural details and constraints.
To address this challenge, we propose GA, a domain-specific language for microarchitectural security research that decouples microarchitecture-specific details from algorithms.
GA aims to enable programmers to declare and control microarchitectural effects that are typically invisible in programs (e.g., ensuring specific instructions miss in cache, placing variables in the same cache line or ensuring that two branches use aliased BTB entries).
To achieve this, GA proposes extensible abstractions and common microarchitectural primitives, with a specific focus on automatically generating precisely placed code and data to produce the desired microarchitectural behaviors. This enables researchers to more easily explore their ideas, test hypotheses across diverse architectures, and migrate attacks between platforms.
Further, GA leverages open-source processors for easy early-stage full-visibility explorations.
It introduces high-level abstractions of processor internals to expose a clean and uniform interface for verifying and reasoning about microarchitectural attacks.
The ultimate goal of GA is to provide a systematic framework for describing attacks and an agile environment for testing and analyzing their feasibility across microarchitectures.
Selected papers
1. Half&Half: https://halfandhalf.cpusec.org/index_files/halfhalf_hoseinyavarzadeh_sp23.pdf
2. Rapid: https://www.usenix.org/system/files/sec22-easdon.pdf
3. Hassert: https://dl.acm.org/doi/10.1145/3622781.3698899
Practical information
- General public
- Free
Contact
- edic@epfl.ch