IC Colloquium: Software-Inspired Techniques for Hardware Security
By : Flavien Solt - UC Berkeley
IC Faculty candidate
Abstract
Modern hardware is evolving at an unprecedented pace, yet ensuring its security and functionality remains challenging. Despite extensive validation, non-trivial bugs persist — similar to past software bugs that were eventually mitigated by robust detection methods.
My work demonstrates that, with careful adaptation, proven software techniques can effectively detect hardware security flaws. In this talk, I will describe three lines of work that collectively uncovered over 60 new vulnerabilities. First, our dynamic information flow mechanism CellIFT scales to complex designs and reveals vulnerabilities in a production-ready root-of-trust CPU via new microarchitectural control flow integrity verification techniques. Second, our Cascade CPU fuzzer adapts traditional software fuzzing to hardware, uncovering more architectural bugs than previous efforts together, and finds new exploitable microarchitectural data leakage in established open-source CPUs when combined with CellIFT. Third, our tool TransFuzz targets translation bugs in EDA software that can compromise even seemingly secure hardware, identifying vulnerabilities in popular RTL simulators and synthesizers with confirmed exploitability via arbitrary backdoors.
Bio
Flavien is a postdoc in the SLICE lab at the EECS department at UC Berkeley with Prof. Christopher Fletcher. His research focuses on developing new techniques for testing and ensuring digital hardware correctness and security, resulting in publications in computer architecture and security venues, including USENIX Security, IEEE Symposium on Security & Privacy, MICRO, ISCA, and CCS. His PhD dissertation, completed under the supervision of Prof. Kaveh Razavi at the ITET department at ETH Zurich in 2024, was recognized with the ETH medal.
More information
IC Faculty candidate
Abstract
Modern hardware is evolving at an unprecedented pace, yet ensuring its security and functionality remains challenging. Despite extensive validation, non-trivial bugs persist — similar to past software bugs that were eventually mitigated by robust detection methods.
My work demonstrates that, with careful adaptation, proven software techniques can effectively detect hardware security flaws. In this talk, I will describe three lines of work that collectively uncovered over 60 new vulnerabilities. First, our dynamic information flow mechanism CellIFT scales to complex designs and reveals vulnerabilities in a production-ready root-of-trust CPU via new microarchitectural control flow integrity verification techniques. Second, our Cascade CPU fuzzer adapts traditional software fuzzing to hardware, uncovering more architectural bugs than previous efforts together, and finds new exploitable microarchitectural data leakage in established open-source CPUs when combined with CellIFT. Third, our tool TransFuzz targets translation bugs in EDA software that can compromise even seemingly secure hardware, identifying vulnerabilities in popular RTL simulators and synthesizers with confirmed exploitability via arbitrary backdoors.
Bio
Flavien is a postdoc in the SLICE lab at the EECS department at UC Berkeley with Prof. Christopher Fletcher. His research focuses on developing new techniques for testing and ensuring digital hardware correctness and security, resulting in publications in computer architecture and security venues, including USENIX Security, IEEE Symposium on Security & Privacy, MICRO, ISCA, and CCS. His PhD dissertation, completed under the supervision of Prof. Kaveh Razavi at the ITET department at ETH Zurich in 2024, was recognized with the ETH medal.
More information
Practical information
- General public
- Free
Contact
- Host: Mathias Payer