Every year, the latest computer model hits the market, full of the best technology to make it faster, smoother, and packed with memory. But those optimizations may enable attackers to infiltrate the system and steal data through a new method: the transient execution attack.

Supported by her more than half-million-dollar National Science Foundation Faculty Early Career Development Program (CAREER) award, Wenjie Xiong will focus on mitigating those attacks with new testing methods, stronger encryption methods, and improved hardware design to protect data in the computer memory.

“Computers have a lot of optimizations to run faster, but those can cause vulnerabilities and lead to attacks,” said Xiong, a Commonwealth Cyber Initiative fellow and assistant professor in the Bradley Department of Electrical and Computer Engineering. “We can’t just remove the optimizations to make them more secure, so we need to build frameworks to test for the attacks, and then improve them to mitigate attacks in future generations.”

In front, from left: Eunseong Park, Erfan Iravani Mohammadabadi and Wenjie Xiong. At back, from left: computer engineering undergraduate student, Aubtin Rasouli, and Jack Chandler. Photo by Ben Murphy for Virginia Tech.
The research team includes (from left) Eunseong Park, Erfan Iravani Mohammadabadi, computer engineering undergraduate student Aubtin Rasouli, Wenjie Xiong, and Jack Chandler. Photo by Ben Murphy for Virginia Tech.

What’s a transient execution attack?

To keep things running smoothly, modern computers execute multiple instructions at the same time. When an operation is slow, the microprocessor will try to speed things up by predicting the result of the slow operation and executing what the next step would be.

If the microprocessor’s prediction was correct, the operation continues uninterrupted. But if not, the computer quickly undoes the predicted operation and executes the correct operation. These undone operations are called transient instructions because they are temporary, discarded by the computer once they’re deemed unnecessary.

But these temporary operations aren’t fully erased from the computer. Little bits remain in the computer structure — and that’s what the transient execution attacks go after. This “leaked information” reveals information about the data a computer processed or details about existing protection mechanisms. Attackers then move these secret details to a place within the computer where they can be accessed to infiltrate the system or steal information like passwords or encryption keys.

Xiong’s research has three thrusts:

  • Create a new testing system that uses reinforcement learning to quickly and effectively study attack methods on different computer processors
  • Examine security features already available in commercial hardware, going beyond the Intel-specific features that most existing research focuses on
  • Design a combined solution using encryption methods and hardware design to protect pointers, which are the addresses a computer uses to load or store data

“In terms of design, there are always tradeoffs. Optimizations are there because customers pay for performance,” Xiong said. “Our goal is to evaluate the vulnerabilities, see what the impact will be and whether it will lead to real information leakage, and defend them with new mechanisms.”

Wenjie Xiong (at right) and ECE graduate research assistant, Eunseong Park. Photo by Ben Murphy for Virginia Tech.
Wenjie Xiong (at right) and graduate research assistant Eunseong Park. Photo by Ben Murphy for Virginia Tech.

International collaboration

In addition to working with the graduate students in her research lab, Xiong will collaborate with hardware and digital systems security expert Elif Bilge Kavun, head of the Secure Digital Systems research group in the Barkhausen Institut and professor for secure digital systems at the Technische Universität Dresden.

Xiong and Kavun previously partnered on the award-winning paper “Secure Data-Binding in FPGA-based Hardware Architectures utilizing PUFs,” which focuses on the physical vulnerabilities of field-programmable gate arrays, integral components of data centers, network devices, and automotive electronics.

“I’m actually planning to write a project proposal on a related topic for our side here in Germany,” said Kavun. “We’ll continue building hardware-assisted techniques for software security. Our work is complementary and will be useful for my own research projects. The results will be interesting for further investigations as well. It’s quite fitting we work together on this project.”

Related articles

Contact:

Tags

Share this story