Hardware Is the New Software: Finding Exploitable Bugs in Hardware Designs

Monday, January 28, 2019 - 11:30 am12:00 pm

Cynthia Sturton, University of North Carolina at Chapel Hill

Abstract: 

Bugs in hardware designs can create vulnerabilities that open the machine to malicious exploit. Despite mature functional validation tools and new research in designing secure hardware, the question of how to find and recognize those bugs remains open. My students and I have developed two tools in response to this question. The first is a security specification miner; it semi-automatically identifies security-critical properties of a design specified at the register transfer level. The second tool, Coppelia, is a symbolic execution engine that explores a hardware design and generates complete exploits for the security bugs it finds. We use Coppelia and our set of generated security properties to find new bugs in the open-source RISC-V and OR1k CPU architectures.

Cynthia Sturton, University of North Carolina at Chapel Hill

Cynthia Sturton is an Assistant Professor and Peter Thacher Grauer Fellow at the University of North Carolina at Chapel Hill. She leads the Hardware Security @ UNC research group to investigate the use of static and dynamic analysis techniques to protect against vulnerable hardware designs. Her research is funded by several National Science Foundation awards, a Junior Faculty Development Award from the University of North Carolina, and a Google Faculty Research Award. She was recently awarded the Computer Science Departmental Teaching Award at the University of North Carolina. Sturton received her M.S. and Ph.D. degrees from the University of California, Berkeley.

BibTeX
@conference {226361,
author = {Cynthia Sturton},
title = {Hardware Is the New Software: Finding Exploitable Bugs in Hardware Designs},
year = {2019},
address = {Burlingame, CA},
publisher = {USENIX Association},
month = jan
}

Presentation Video