Universiteit Gent SysSoft
(System Software Lab)
Fonds Wetenschappelijk Onderzoek - Vlaanderen
COSIC
(Computer Security and
Industrial Cryptography)
KU Leuven

(PUF-VM) Protected execution: from Physically Unclonable Functions to Virtual Machines

Promoter: Koen De Bosschere
Co-promoters: Bjorn De Sutter, Bart Preneel, Ingrid Verbauwhede
Motivation

This project is situated at the hardware/software interface of computer systems, at the heart of computer engineering. It involves programming tool boxes and virtualization technology on the software side, and computer architecture on the hardware side. While the latter will incorporate and consider very specific electronic components, the focus of this project is not on their circuit-level or physical design.


Project summary

A user wants to be sure that a computer behaves properly: it should do what it is asked to do, and it should not misbehave by stealing financial information, by spying on the browsing behavior or by attacking other computers. For some safety critical applications, it may be required that software is tightly bound to a specific machine to ensure that everything operates correctly and to preclude devastating attacks. The ICT industry has developed a range of software and hardware approaches to make computers more trustworthy. Complex software defenses are currently being used; the most advanced approaches run complex virtual machines inside the computer to create more variation. However, all of these solutions can be defeated with sophisticated software analysis tools. At the same time, a broad range of hardware features have been introduced to increase the protection of software and data; these features can be expensive and they are not always tightly integrated with the software. This project explores a novel approach that combines hardware and software protection mechanisms: the hardware instruction set will be (dynamically) modified (i.e., randomized) based on intrinsic properties of the physical ICs and matching dynamic virtual machines in software will run on top of these. This unique approach combines the advantages of strong software and hardware security and opens the possibility to make substantial progress towards more trustworthy computers.


Methodology

We will start with determining a realistic attack model on the basis of protection requirements and an overall system architecture will be derived. We will then study the components of that architecture from the SW and HW perspective. In a first phase, we will consider only static ISA randomization, with one immutable ISA variant supported per processor. Later we will study dynamic ISA randomization where multiple ISA variants are supported for multiple guest SW domains, as well as HW and SW support for temporal HW diversity.


Funding agency: Fund For Scientific Research - Flanders