DAEHYUN KIM

This introduction is about 'what role can hardware (and computer architecture) play in securing computer systems?'.

1. "Newcache: Secure Cache Architecture Thwarting Cache Side-Channel Attacks, MICRO 2016" by Fangfei Liu and colleagues.

* Purpose: Newcache was designed to foil fine-grained side-channel attacks that have been used to leak secret keys from symmetric and asymmetric cryptographic algorithms.

* How: The authors show that such fine-grained measurements of cache line usage can be obfuscated by randomly permuting the physical cache line that a memory address maps to - in particular, taping out a chip to show that this can be achieved with almost no overhead.

2. "Detecting Hardware Covert Timing Channels, MICRO 2016" by Guru Venkataramani and colleagues.

* "covert" channels: The attacker controls code on both sides of an access-controlled boundary and attempts to leak secret information across it.

* Explain: Microarchitectural covert channels can be distinguished from benign processes on the basis of their pattern of contention for microarchitectural resources. This insight enables the authors' technique, CCHunter, to defend against not just cache-based attacks but any contention-driven information leak.

3. "Monitoring and Attestation of Virtual Machine Security Health in Cloud Computing, MICRO 2016" by Tianwei Zhang and Ruby B. Lee.

* Purpose: How a user of a remote (for example, cloud-based) server can obtain tamperproof, cryptographically signed evidence that the server adhered to the service-level agreement.

* How: For example, users can contact a server-side monitor to check whether the virtual machine's integrity is preserved, request the server-side monitor to run covert-channel checks similar to CC-Hunter, or measure availability over time and "attest" to these properties with a signed message back to the user.

4. "Fast Protection-Domain Crossing in the CHERI Capability-System Architecture" by Robert N.M. Watson and colleagues.

* Purpose; Simplify software security by hardware assistance

* How: The CHERI approach revisits hardware-assisted capabilities by separating out virtual memory management from memory protection. Together with programmer annotation, compiler assistance, and OS-level change, CHERI demonstrates the potential of compartmentalization applications into several containers with tight communication interfaces.

5. "A Comparative Security Analysis of Current and Emerging Technologies" by Chandra K.H. Suresh and colleagues.

* Purpose: The vulnerabilities hidden in emerging transistor technologies and the opportunities therein to improve security.

* How: NEMS- and CNT-based hardware is less vulnerable to attackers who attempt to observe a device's power trace and infer secrets. It also makes it more difficult for attackers to attempt to hide malicious hardware logic inside a chip, and it enables a designer to camouflage sensitive hardware logic from being reverse-engineered. 

"1. Newcache ~"에서는 cryptographic algorithm을 구동할 때 Cache line에서 side-channel leaks가 있으니 그것을 어떻게 막을지에 대한 것이고 permuting을 overhead없이 어떻게 할지에 관련된 것이다.

"2. Detecting Hardware ~"에서는 covert channel을 간단하게 구별해내는 것을 보이고, cache-based attack이나 contention-driven information leak을 막아주는 것을 보여준다.

"3. Monitoring ~"에서는 어떻게 remote server에서 integrity를 만족시킬지에 관한 것이다. "2"와 연관이 존재.