Applied Security Research

After the discovery of Spectre and Meltdown, the processor, operating system, and compiler vendors were forced to take on the challenging task of analyzing microarchitectural CPU behavior in a security context in order to develop mitigations. Hardware information flow tracking can assist in reasoning about the impact of opaque low-level hardware features on isolation guarantees made at higher abstraction levels (ex. the programmer's view). Tortuga Logic has been developing a methodology in collaboration with a large processor vendor to detect Spectre and Meltdown type vulnerabilities pre-silicon during simulation and emulation. While at Tortuga Logic I was the lead security researcher on this project and was responsible for formulating Spectre and Meltdown detection in terms of information flow rules.

At Tortuga Logic I also participated in developing methodologies for detecting illegal key flows in security subsystems, verifying on-chip bus access control policies, and ensuring proper clearing of sensitive data in resources shared between different trust levels. These strategies were developed for customers and demonstrated in the context of their design.

I am constantly learning about the challenges industry faces in the quest to develop SoCs that are complex and feature-rich but also secure.

Conference Presentations

I've had the opportunity to attended over 15 events and have spoken at at least 10 since joining industry in 2018! Below are videos of talks I've given at the 2021 USENIX Enigma Conference, 2020 Arm DevSummit, and the 2019 RISC-V Summit.

Hardware CWE

The Common Weakness Enumeration (CWE) database maintained by MITRE houses a taxonomy of bugs, errors, and design flaws that can lead to vulnerabilities in hardware and software designs. Vulnerabilities found in specific systems are recorded in the Common Vulnerabilities and Exposures (CVE) and the U.S. National Vulnerability Database (NVD).

In an effort lead by Intel in early 2020, CWE was extended to include hardware weaknesses (previously it only contained entries related to software). Tortuga Logic actively participates in this growing industry-wide initiative, and I authored and submitted 11 CWE entries covering a wide range of hardware security issues.

The new Hardware CWEs can be found here: https://cwe.mitre.org/data/definitions/1194.html

My CWEs: CWE-1282, CWE-1276, CWE-1256, CWE-1264, CWE-1300, CWE-1301, CWE-1278, CWE-1303, CWE-1262, CWE-1281, CWE-1271

Hack@DAC 2019

In the spring of 2019 I participated in the Hack@DAC hardware security contest as an industry member of the Hackin' Aggies team comprised of Texas A&M University students who came primarily from functional hardware verification backgrounds. I mentored the students in developing a security mindset and helped hunt for bugs during the contest.

Teams scored points by finding and reporting security vulnerabilities in an SoC design containing bugs inserted by the contest organizers. Our team won first place in both rounds of the contest! As contest winners we were invited to speak at a special session at the 2019 Design Automation Conference (DAC) and contribute an article to IEEE Design and Test.

Contest Webpage: https://hackat.events/dac19/

DAC session: http://www2.dac.com/events/eventdetails.aspx?id=267-36

IEEE D&T Paper: https://ieeexplore.ieee.org/document/9154730

Industry Whitepapers

Below are selected white papers written jointly with engineers from Synopsys, Cadence, and Mentor Graphics which discuss challenges and promising methodologies for implementing pre-silicon security strategies.

• Configure, Confirm, Ship: Build Secure Processor-Based Systems with Faster Time-to-Market

• A Complete System-Level Security Verification Methodology

• Detecting Security Vulnerabilities in a RISC-V Based System-on-Chip