IOTEE: Securing and analysing trusted execution beyond the CPU

Lead Research Organisation: University of Southampton
Department Name: Sch of Electronics and Computer Sci

Abstract

Trusted Execution Environments (TEEs) allow users to run their software in a secure enclave while assuring the integrity and confidentiality of data and applications. However, cloud computing these days relies heavily on peripherals such as GPUs, NICs, and FPGAs. Extending the security guarantees of CPU TEEs to such accelerators is currently not possible. New technologies are being proposed to address this, notably the PCIe Trusted Device Interface Security Protocol (TDISP).
IOTEE is aims to evaluate the security guarantees of this new PCIe standard and its ability to provide trusted execution against strong adversaries. This will involve developing an emulator for the protocol, the use of formal modelling, as well as researching countermeasures against various software and hardware attacks.

Publications

10 25 50
 
Title DL2Fence: Integrating Deep Learning and Frame Fusion for Enhanced Detection and Localization of Refined Denial-of-Service in NoC 
Description Network-on-Chips (NoCs) are increasingly vulner- able to Flooding Denial-of-Service (FDoS) attacks initiated by untrusted third-party IPs or maliciously data-intensive workloads. The main impacts on NoCs are performance degradation and sharp increases in additional power consumption. Therefore, advanced detection and localization for FDoS are essential. Ex- isting flooding models often fall short in capturing the varied consequences of these attacks, such as traffic congestion, deadlock, or system crashes. State-of-the-art approaches struggle to balance detection accuracy with hardware overhead, particularly as NoC scale increases. This paper first introduces a Flooding Injection Rate (FIR)-adjustable threat model that vividly illustrates the diverse effects of flooding within NoCs, causing system latency to rise from 1.1 to 60 times the normal value. We then present a comprehensive security framework leveraging Convolutional Neural Networks (CNNs) for DoS detection and localization. The framework introduces novel techniques like Multi-Frame Fusion (MFF) for enhanced attack path and victim localization, and a Table-Like Method (TLM) for attacker localization. We utilize Virtual Channel Occupancy (VCO) and Buffer Operation Counts (BOC) as cascaded feature sets. Our approach achieves overall detection and localization accuracies of 0.958 and 0.917, with precisions of 0.985 and 0.993 in a 16 x 16 mesh NoC, respectively. Notably, the hardware overhead percentage of the framework decreases in larger-scale NoCs due to our global detection and localization strategy; the overhead is reduced by 76.3% when scaling from an 8x8 (1.9%) NoC to a 16x16 (0.45%) NoC. Our approach demonstrates an effectively decreasing hardware overhead percentage as the system scales up, in contrast to the fixed proportions seen in other state-of-the-art works. Our CNN- based DoS monitor strikes an optimal balance between accuracy and hardware overhead, advancing the state-of-the-art in NoC- based DoS detection and localization. It offers a scalable and efficient solution well-suited for modern SoCs. 
Type Of Material Improvements to research infrastructure 
Year Produced 2024 
Provided To Others? No  
Impact Improving working with accelerators in SoC and score manner 
 
Description UK-US Semiconductor Security Workshop 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact The workshop is aimed at brings together leading UK and US industry, government and academic experts in semiconductor security to discuss the challenges and opportunities in this sector. The outputs of the workshop will be published as a whitepaper. The themes of the workshop will include:
Hardware Security
Primitives RISC-V security
Semiconductor supply chain security
Hardware-based attacks and countermeasures
Formal methods and tools for secure design and verification
System security
Year(s) Of Engagement Activity 2023
URL https://www.ukrise.org/workshop/