SECCOM: Securing composable hardware platforms

Lead Research Organisation: University of Manchester
Department Name: Computer Science

Abstract

Aligned with the UK Research Institute in Secure Hardware and Embedded Systems (RISE), this project seeks to identify and address the critical security issues arising from the creation of hardware platforms through the use of composable hardware systems.

Current hardware architectures are predominantly statically defined and therefore deliver a predetermined level of security, along with properties by which their resilience can be verified.

In the simplest case, a static design that supports hardware extension, for example through an exported bus such as PCIe, will deviate from the design's initial security principles and will require encapsulation mechanisms in its security model to constrain the indeterminable ways in which extending a system can perturb a static security model.

Although the provision of composable hardware may have understood security principles covering the creation of the resulting hardware platform, the arbitrary nature of composing the elements of a computer means that the resulting permutations lack any model of security by which threat models and mitigations can be evaluated.

The project proposes to conceptualise and evaluate across the design space of composable hardware platforms to discover whether key security properties and threat models can be extracted and used to create a security model from which the security of composed hardware can be validated. Further, given the dynamic nature of composed hardware, we will also investigate whether composed hardware can use dynamic verification mechanisms to assert security policy at runtime.

Beginning with platforms composed using PCI Express switches, in which the devices of a host can be shared and allocated dynamically between hosts, we will investigate the evolving and increased flexibility of Compute Express Link (CXL) and its ability to remove the host and device hierarchy, permitting any compute element to be a host or device while also providing shared access across the platform.

The objective outcome is to provide industry with a security model for a composed hardware platform from which security principles can be reasoned and demonstrated by its dynamic verification.
 
Description: RISE Summer School and Annual Conference 2024
Form Of Engagement Activity: A talk or presentation
Part Of Official Scheme?: No
Geographic Reach: National
Primary Audience: Professional Practitioners
Results and Impact: The Summer School aims to bring together the UK hardware security community from both academia and industry. The programme will cover two days, with a mix of tutorials, presentations, interactive workshops and updates on the new RISE research projects.
Year(s) Of Engagement Activity: 2024
URL: https://www.ukrise.org/2024-summer-school/
 
Description: UK-US Semiconductor Security Summit
Form Of Engagement Activity: A talk or presentation
Part Of Official Scheme?: No
Geographic Reach: International
Primary Audience: Professional Practitioners
Results and Impact: Promotion of UK research excellence with US counterparts, with participation from both government agencies and key industry, to find aligned opportunities for research, government-to-government engagement and national strategic intent.

Outcomes as of 8/24 include UK research topics listed in US government documents (White House/CISA) as potential solutions to international, societal-level challenges.

Follow-up discussions on joint collaborations (awaiting suitable funding schemes).
Year(s) Of Engagement Activity: 2023
URL: https://www.ukrise.org/uk-us-semisec-presentations/