Computer systems rely on computing platforms to execute user applications and host their data. These computing platforms are made of different hardware and system software and tend to grow in complexity. This growing complexity of interactions between software and hardware components raises serious privacy and trust issues in today’s computer systems. To address these issues, the main research goal of the SUSHI team will be to assess and increase the security level of existing and future computing platforms at the software/hardware interface.
The members of the SUSHI team organized the SILM thematic semester on the Security of Software/Hardware Interfaces. The goal of this semester was to promote the scientific, teaching, and industrial transfer activities in this research direction. The topics discussed during this seminar and the challenges identified have contributed to the SUSHI team’s research project. We are still involved in organizing the SILM Workshop, which is now a regular event co-located with IEEE Euro S&P.
- Vulnerability identification and security by design: This axis aims first to identify new vulnerabilities resulting from software/hardware interactions in such complex and heterogeneous platforms and, second, to propose secure-by-design approaches to prevent the exploitation of such vulnerabilities.
- Reactive security at the host level: This axis focuses on host-based intrusion detection and reaction by leveraging software/hardware interactions.
- Formal models and proofs for low-level security: This axis aims to formally prove the security properties enforced or detected by software/hardware mechanisms.
We propose to pursue these research axes at three different levels of the software/hardware interface:
- The hardware architecture and microarchitecture level focuses on the hardware part of the interface, which should provide software with the required services to ensure security;
- The system software level focuses on low-level software, such as OSes or hypervisors, which are heavily tied to hardware interfaces and must use them correctly to achieve security;
- The binary executable analysis and instrumentation level focuses on analyzing and modifying binary executables, i.e., sequences of instructions belonging to the Instruction Set Architecture.