Hardware Is the New Software: Finding Exploitable Bugs in Hardware Designs

Website Maintenance Alert

Due to scheduled maintenance on Wednesday, October 16, from 10:30 am to 4:30 pm Pacific Daylight Time (UTC -7), parts of the USENIX website (e.g., conference registration, user account changes) may not be available. We apologize for the inconvenience.

If you are trying to register for LISA19, please complete your registration before or after this time period.

Monday, January 28, 2019 - 11:30 am12:00 pm

Cynthia Sturton, University of North Carolina at Chapel Hill

Abstract: 

Bugs in hardware designs can create vulnerabilities that open the machine to malicious exploit. Despite mature functional validation tools and new research in designing secure hardware, the question of how to find and recognize those bugs remains open. My students and I have developed two tools in response to this question. The first is a security specification miner; it semi-automatically identifies security-critical properties of a design specified at the register transfer level. The second tool, Coppelia, is a symbolic execution engine that explores a hardware design and generates complete exploits for the security bugs it finds. We use Coppelia and our set of generated security properties to find new bugs in the open-source RISC-V and OR1k CPU architectures.

Cynthia Sturton, University of North Carolina at Chapel Hill

Cynthia Sturton is an Assistant Professor and Peter Thacher Grauer Fellow at the University of North Carolina at Chapel Hill. She leads the Hardware Security @ UNC research group to investigate the use of static and dynamic analysis techniques to protect against vulnerable hardware designs. Her research is funded by several National Science Foundation awards, a Junior Faculty Development Award from the University of North Carolina, and a Google Faculty Research Award. She was recently awarded the Computer Science Departmental Teaching Award at the University of North Carolina. Sturton received her M.S. and Ph.D. degrees from the University of California, Berkeley.

BibTeX
@conference {226361,
author = {Cynthia Sturton},
title = {Hardware Is the New Software: Finding Exploitable Bugs in Hardware Designs},
year = {2019},
address = {Burlingame, CA},
publisher = {{USENIX} Association},
month = jan,
}

Presentation Video