Georgia Tech > CoE > ECE > MARS [ MARS | People | Research | Publications | Software | Internal ]

Highly Secure and Intrusion-Tolerant Computing

Faculty

Hsien-Hsin Sean Lee

Graduate Students

Mrinmoy Ghosh

Alumni

Joshua B. Fryman (Ph.D. 2005, now with Intel Labs)
Weidong Shi (Ph.D. 2006, now with Motorola Labs)

Sponsor

Department of Energy

Description

Cyber exploits and remote attacks on network servers and workstations are becoming serious concerns by both network service providers and Internet users. Due to the deficiency of effective and efficient countermeasures and self-recovery capability, malicious adversaries can easily duplicate a software, modify it, reverse-engineer to reveal its secret, append virus, or gain unauthorized access to sensitive data. This project aims at addressing these emerging issues for high performance networks and computing systems. Our research focus is to investigate the security and recovery issues from the perspective of architecture and system software in a hierarchical manner. The ultimate goal is to provide robust security and non-disruptive service availability transparent to user clients.

First, this project investigates a comprehensive CASC infrastructure called Memory-centric Security Architecture (MESA) that provides and enables security support from OS, platform architecture, and microarchitecture to address the security challenges. Novel features of MESA include memory-centric security management, principle execution, information security monitoring, register labeling, trace obfuscation engine, secure memory controller, and M-TREE microprocessor. While providing robost security support at the system level, their implications toward performance are also being studied. To satisfy performance requirement for such high performance systems, novel microarchitecture techniques, including counter prediction and precomputation, authentication speculation, frequent cipher prediction, etc., are under investigation. By putting them altogether, the entire MESA system can effectively and efficiently address security, performance and interoperability under a multi-domain information sharing environment and guarantee data privacy and integrity of a shared-memory multiprocessor/multi-core system.

The second thrust of this project investigates intrusion-tolerant and self-recovery techniques based on a multi-core processor or chip multiprocessor (CMP). Our technique leverages the closely-coupled processors on a chip to perform instant backup, fine-grained security introspection, and fast recovery for corrupted or compromised data. We introduce the concept of security-insulation using differential cores on a CMP to isolate higher privileged jobs from potential external exploits. All service applications running on lower privileged cores, if attacked, will be recovered by the security-insulated core using our high speed checkpointing scheme. Such a security-enhanced CMP platform provides multi-point defenses and efficient introspection mechanism to tolerate remote exploits and achieve fast recovery, making an autonomic system practical.

The intellectual merits of this project include the following: (a) tackling issues with a hierarchical multifaceted approach from microarchitecture to the operating system in order to achieve secure and autonomic computing, (b)developing techniques for copy protection, data authentication and maintaining software confidentiality under a multi-domain software system and/or a multiprocessor system, (c) developing highly efficient self-recovery autonomic capability with emerging processor platform, (d) demonstrating the performance advantages of our techniques, (e) providing a holistic solution to enabling security and high service availability.



Refereed Journal Articles

IEEE MICRONak Hee Seong, Dong Hyuk Woo, and Hsien-Hsin S. Lee. "Security Refresh: Protect Phase-Change Memory against Malicious Wear-out." In IEEE MICRO special issue on Top Picks from the Computer Architecture Conferences of 2010, pp.119-127, January/February, 2011.
[pdf]
JPDCJun Yang, Lan Gao, Youtao Zhang, Marek Chrobak, and Hsien-Hsin S. Lee. "A Low-Cost Memory Remapping Scheme for Address Bus Protection." In Journal of Parallel and Distributed Computing, Elsevier, Vol. 70, Issue 5, pp.443-457, 2010.
[pdf]
JPDCChenghuai Lu, Tao Zhang, Weidong Shi, and Hsien-Hsin S. Lee. "M-TREE: A High Efficiency Security Architecture for Protecting Integrity and Privacy of Software." In Journal of Parallel and Distributed Computing for a special issue on Security in Grid and Distributed Systems, Vol. 66, issue 9, pp.1116-1128, 2006.
[pdf]
Transactions on HiPEACWeidong Shi, Chenghuai Lu, and Hsien-Hsin S. Lee. "Memory-centric Security Architecture." In Transactions on High-Performance Embedded Architectures and Compilers, Vol. 1, pp.95-115, 2007.
CANWeidong Shi, Hsien-Hsin S. Lee, Chenghuai Lu, and Mrinmoy Ghosh. "Towards the Issues in Architectural Support for Protection of Software Execution." In ACM SIGARCH Computer Architecture News, Vol. 33, Issue 1, pp.6-15, March, 2005.
[pdf]



Refereed Conference Papers

IPDPSJen-Cheng Huang, Lifeng Nai, Hyesoon Kim, and Hsien-Hsin S. Lee. "TBPoint: Reducing Simulation Time for Large-Scale GPGPU Kernels." In the 28th International Symposium on Parallel & Distributed Processing Symposium, Phoenix, AZ, 2014.
[pdf]
CF-14Lifeng Nai, Yinglong Xia, Ching-Yung Lin, Bo Hong, and Hsien-Hsin S. Lee. "Cache-Conscious Graph Collaborative Filtering on Multi-socket Multicore Systems." In Proceedings of the ACM International Conference on Computing Frontiers, Cagliari, Italy, May, 2014.
[pdf]
ANCSJen-Cheng Huang, Matteo Monchiero, Yoshio Turner, and Hsien-Hsin S. Lee. "Ally: OS-Transparent Packet Inspection Using Sequestered Cores." In Proceedings of the ACM/IEEE Symposium on Architectures for Networking and Communications Systems, pp.1-11, Brooklyn, NY, October, 2011. (Best Paper Award of ANCS 2011)
[pdf] [slides]
ISCA-37Nak Hee Seong, Dong Hyuk Woo, and Hsien-Hsin S. Lee. "Security Refresh: Prevent Malicious Wear-out and Increase Durability for Phase-Change Memory with Dynamically Randomized Address Mapping." In Proceedings of the 37th International Symposium on Computer Architecture, pp.383-394, Saint-Malo, France, June, 2010. (One of the 11 papers selected as IEEE MICRO's Top Picks from the Computer Architecture Conferences of 2010)
[pdf] [slides]
MICRO-41Vikas R. Vasisht and Hsien-Hsin S. Lee. "SHARK: Architectural Support for Autonomic Protection Against Stealth by Rootkit Exploits." In Proceedings of the 41st ACM/IEEE International Symposium on Microarchitecture, pp.106-116, Lake Como, Italy, November, 2008.
[pdf] [slides]
CF-07Weidong Shi and Hsien-Hsin S. Lee. "Accelerating Memory Decryption and Authentication with Frequent Value Prediction." In Proceedings of the ACM International Conference on Computing Frontiers, pp.35-46, Ischia, Italy, May, 2007.
[pdf] [slides]
MICRO-39Weidong Shi and Hsien-Hsin S. Lee. "Authentication Control Point and its Implications for Secure Processor Design." In Proceedings of the ACM/IEEE International Symposium on Microarchitecture, pp.103-112, Orlando, Florida, December, 2006.
[pdf] [slides]
GH-06Weidong Shi, Hsien-Hsin S. Lee, Richard M. Yoo, and Alexandra Boldyreva. "A Digital Rights Enabled Graphics Processing System." In Proceedings of the ACM SIGGRAPH/Eurographics Workshop of Graphics Hardware, pp.17-26, Vienna, Austria, September, 2006.
[pdf] [slides]
PACT-15Lan Gao, Jun Yang, Marek Chrobak, Youtao Zhang, San Nguyen, and Hsien-Hsin S. Lee. "A Low-cost Memory Remapping Scheme for Address Bus Protection." In Proceedings of the 15th International Conference on Parallel Architectures and Compilation Techniuqes, pp.74-83, Seattle, WA, September, 2006.
[pdf] [slides]
ISCA-33Weidong Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh. "An Integrated Framework for Dependable and Revivable Architecture Using Multicore Processors." In Proceedings of the 33rd International Symposium on Computer Architecture, pp. 102-113, Boston, MA, June, 2006.
[pdf] [slides]
HPCA-12Weidong Shi, Joshua B. Fryman, Guofei Gu, Hsien-Hsin S. Lee, Youtao Zhang, and Jun Yang. "InfoShield: A Security Architecture for Protecting Information Usage in Memory." In Proceedings of the 12th International Symposium on High-Performance Computer Architecture, pp.225-234, Austin, TX, February, 2006.
[pdf] [slides]
HiPEACWeidong Shi, Chenghuai Lu, and Hsien-Hsin S. Lee. "Memory-centric Security Architecture." In Proceedings of the 2005 International Conference on High Performance Embedded Architectures and Compilers, pp.153-168, Barcelona, Spain, November, 2005.
[pdf] [slides]
ISCA-32Weidong Shi, Hsien-Hsin S. Lee, Mrinmoy Ghosh, Chenghuai Lu, and Alexandra Boldyreva. "High Efficiency Counter Mode Security Architecture via Prediction and Precomputation." In the Proceedings of the 32nd International Symposium on Computer Architecture, pp.14-24, Madison, Wisconsin, June, 2005.
[pdf] [slides]
ICACWeidong Shi, Hsien-Hsin S. Lee, Guofei Gu, Mrinmoy Ghosh, Laura Falk, and Trevor N. Mudge. "Intrusion Tolerant and Self-Recoverable Network Service System Using Security Enhanced Chip Multiprocessors." In the Proceedings of the 2nd International Conference on Autonomic Computing, pp.263-273, Seattle, Washington, June, 2005.
[pdf] [slides]
DRMWeidong Shi, Hsien-Hsin S. Lee, Chenghuai Lu, and Tao Zhang. "Attacks and Risk Analysis for Hardware Supported Software Copy Protection Systems." In Proceedings of the 4th ACM Workshop on Digital Rights Management, pp. 54- 62, Washington D.C., October, 2004.
[pdf]
PACT-13Weidong Shi, Hsien-Hsin S. Lee, Mrinmoy Ghosh, and Chenghuai Lu. "Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems." In Proceedings of the International Conference on Parallel Architecture and Compilation Techniques, pp.123-134, Antibes Juan-les-Pins, France, September, 2004.
[pdf] [slides]
CASESXiaotong Zhuang, Tao Zhang, Hsien-Hsin S. Lee, and Santosh Pande. "Hardware Assisted Control Flow Obfuscation for Embedded Processors." In Proceedings of the International Conference on Compilers Architecture Synthesis for Embedded Systems, pp.292-302, Washington D.C., September, 2004. (Best Paper Awarded)
[pdf] [slides]



Refereed Workshop Papers

IPDPSWLifeng Nai and Hsien-Hsin S. Lee. "Reducing False Transactional Conflicts With Speculative Sub-blocking State - An Empirical Study for ASF Transactional Memory System." In the 27th International Symposium on Parallel & Distributed Processing Workshops and PhD Forum, Boston, MA, May, 2013.
[pdf]
WDDDSungkap Yeo, Nak Hee Seong, and Hsien-Hsin S. Lee. "Can Multi-Level Cell PCM Be Reliable and Usable? Analyzing the Impact of Resistance Drift." In the 10th Annual Workshop on Duplicating, Deconstructing and Debunking in conjunction with the 39th International Symposium on Computer Architecture, Portland, OR, June, 2012.
[pdf]
CMPMSI Dong Hyuk Woo and Hsien-Hsin S. Lee. "Analyzing Performance Vulnerability due to Resource Denial-of-Service Attack on Chip Multiprocessors." In Workshop on Chip Multiprocessor Memory Systems and Interconnects in conjunction with the 13th International Conference on High-Performance Computer Architecture, Phoenix, Arizona, February, 2007.
[pdf] [slides]
ESNS07 Hsien-Hsin S. Lee and Santosh Pande. "Secure Processing On-Chip." In Army Research Office Planning Workshop on Embedded Systems and Network Security, Raleigh, North Carolina, February, 2007.
[pdf] [slides]
WASSAWeidong Shi, Hsien-Hsin S. Lee, Chenghuai Lu, and Mrinmoy Ghosh. "Towards the Issues in Architectural Support for Protection of Software Execution." In the Workshop on Architectural Support for Security and Anti-Virus in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, pp.1-10, Boston, MA, October, 2004.
[pdf] [slides]



Theses

Weidong Shi. "Architectural Support for Protecting Memory Integrity and Confidentiality." College of Computing, Georgia Institute of Technology, 2006.
[pdf]
100 Binney Street
Cambridge, MA 02142

>
http://hsienhsinlee.github.io
650-709-9452