Achieving Security and Privacy via Encrypted Architectures
Biernacki, Lauren
2023
Abstract
There are increasing incidences of high-profile data breaches and clever new attacks that exploit weaknesses throughout the software stack, with recent attacks moving into the hardware layer (e.g., Spectre [16] and Meltdown [17]). Yet the security landscape consists not only of these novel exploits but also of exploits we have known about for decades that leverage vulnerabilities that are equally pervasive. Despite the prevalence of these known vulnerabilities and significant efforts to defend against them, exploits remain widespread. Understanding the landscape of security attacks can aid in the design of more durable defenses. Security attacks take on a similar structure, despite their diverse forms: attackers leverage one or more vulnerabilities and system information assets to synthesize their exploit. Looking across attacks, we view these components as forming an inverted pyramid, with a small group of information assets leveraged alongside a larger group of vulnerabilities to commit an even larger number of exploits. Ultimately, the classes of information assets that are instrumental for attacks (e.g., pointers, data layout, cache organization) are fewer in number than the vulnerabilities. Thus, by applying protections to a few critical pieces of information, defenses can potentially achieve broad coverage against security exploits. Hardware provides an advantageous place to situate information asset protections, as they can be applied systematically, regardless of program-level semantics. Namely, low-level hardware implementations isolate critical information assets from higher-level layers of the stack, providing broad coverage against exploits. Architectural approaches enable us to design vulnerability-agnostic systems, as any software running atop the architecture, including programs that contain vulnerabilities, is insulated from attack.
Further, hardware-based approaches can often be optimized to enable more efficient implementations, reducing the runtime overheads that degrade system performance. Based on these insights, this dissertation explores how encrypted architectures—processors that encrypt information domains (e.g., memory addresses, instructions, or data) directly in hardware—can provide comprehensive security and privacy guarantees. Our research has evolved from using encryption minimally in an ensemble of moving target defenses to comprehensively applying encryption with small but powerful architectural extensions. The first half of this dissertation studies the protection of code and pointers to thwart control-flow attacks, following the evolution of the Morpheus secure architecture. The second half of this dissertation discusses how encrypted architectures can comprehensively protect sensitive data and be safely optimized. Vulnerability-tolerant design underpins all our proposed defenses, as we aim to protect systems in the presence of pervasive software vulnerabilities. Further, we work toward employing strong encryption and building side-channel resilience while maintaining reasonable performance overheads. Our work demonstrates that architectural approaches can emerge as dynamic, expressive, and performant security and privacy solutions.
Subjects
Hardware Security; Computer Architecture; Control-Flow Attacks; Encrypted Architecture; Data Privacy; Data-Oblivious Programming
Types
Thesis