Device and System Security

Device and system security is of utmost strategic importance to Switzerland. With IT forming the foundation for all key pillars of society, Switzerland fundamentally relies on commodity devices, systems and IT services developed abroad, with no verifiable or certifiable evidence of trustworthiness and no openness to inspection. Moreover, most modern devices are vulnerable to a plethora of hardware side-channel attacks caused by shared resources, and have been designed with little consideration for security or privacy beyond conventional program isolation. On the flip side, Switzerland is well positioned, as a promoter of a brand of trustworthiness, to pioneer technologies for secure devices and systems that are open to inspection.

In this pillar, we propose to build devices and systems from the ground up, with security and privacy as a contract between software and hardware. Modern approaches that add ad hoc hardware mechanisms to established vendor CPUs (e.g., x86, ARM) and patch the software stack to use them not only fail to address side-channel attacks at a fundamental level but also increase software complexity, which potentially introduces more vulnerabilities. Moreover, with the slowdown in silicon scaling, the emergence of a spectrum of heterogeneous accelerators in a single device and the move towards decentralized device components with potentially multiple network endpoints, CPU-centric solutions will be less effective.

We will develop software interfaces to the hardware components of a device that guarantee, with well-defined and advertised semantics, that resource sharing leaves no window of observability. These interfaces can serve as building blocks for system and application software with guaranteed (and verifiable) security properties. The guaranteed behaviour can then be inspected and verified in both software and hardware, and can be used to ensure that power and thermal management approaches remain compatible with the security and privacy constraints imposed by the application target. In the earlier stages of this pillar we will rely on an open-source device ecosystem (e.g., RISC-V) to test the technologies in an IoT environment. IoT devices are emerging as a prevalent substrate in cyber-physical systems with a lower barrier to deployment. These devices also have shallower stacks and software ecosystems, allowing for more intrusive co-designed hardware and software solutions for trustworthiness. Moreover, our ground-up technologies (both hardware and software stack) would also be suitable for new accelerator components (in specialized ICs or mapped onto reconfigurable hardware such as FPGAs) as they emerge in established commodity platforms from mobiles to servers, since these architectures are less dependent on the rigid software ecosystem of established CPUs and, in this respect, resemble IoT devices.

EPFL’s device and system security team has a long history of pioneering not just hardware and accelerator architectures, but also methodologies for the design and verification of integrated silicon devices and operating systems, system software design and co-optimization, and virtualization, with a proven track record of technology transfer.