Applied Security Research
After the discovery of Spectre and Meltdown, the processor, operating system, and compiler vendors were forced to take on the challenging task of analyzing microarchitectural CPU behavior in a security context in order to develop mitigations. Hardware information flow tracking can assist in reasoning about the impact of opaque low-level hardware features on isolation guarantees made at higher abstraction levels (ex. the programmer's view). Tortuga Logic has been developing a methodology in collaboration with a large processor vendor to detect Spectre and Meltdown type vulnerabilities pre-silicon during simulation and emulation. I am the lead security researcher on this project and responsible for formulating Spectre and Meltdown detection in terms of information flow rules.
In other recent projects I have developed strategies for detecting illegal key flows in security subsystems, verifying on-chip bus access control policies, and ensuring proper clearing of sensitive data in resources shared between different trust levels. These strategies are developed for customers and demonstrated in the context of their design. I am constantly learning about the challenges industry faces in the quest to develop SoCs that are complex and feature-rich but also secure.
One aspect of my job at Tortuga Logic is attending and speaking at conferences. Since joining Tortuga Logic in 2018 I've had the opportunity to attended over 15 events and have spoken at at least 10! Below are videos of talks I've given at the 2021 USENIX Enigma Conference, 2020 Arm DevSummit, and the 2019 RISC-V Summit.
The Common Weakness Enumeration (CWE) database maintained by MITRE houses a taxonomy of bugs, errors, and design flaws that can lead to vulnerabilities in hardware and software designs. Vulnerabilities found in specific systems are recorded in the Common Vulnerabilities and Exposures (CVE) and the U.S. National Vulnerability Database (NVD).
In an effort lead by Intel in early 2020, CWE was extended to include hardware weaknesses (previously it only contained entries related to software). Tortuga Logic actively participates in this growing industry-wide initiative, and I authored and submitted 11 CWE entries covering a wide range of hardware security issues.
The new Hardware CWEs can be found here: https://cwe.mitre.org/data/definitions/1194.html
My CWEs: CWE-1282, CWE-1276, CWE-1256, CWE-1264, CWE-1300, CWE-1301, CWE-1278, CWE-1303, CWE-1262, CWE-1281, CWE-1271
In the spring of 2019 I participated in the Hack@DAC hardware security contest as an industry member of the Hackin' Aggies team comprised of Texas A&M University students who came primarily from functional hardware verification backgrounds. I mentored the students in developing a security mindset and helped hunt for bugs during the contest.
Teams scored points by finding and reporting security vulnerabilities in an SoC design containing bugs inserted by the contest organizers. Our team won first place in both rounds of the contest! As contest winners we were invited to speak at a special session at the 2019 Design Automation Conference (DAC) and contribute an article to IEEE Design and Test.
Contest Webpage: https://hackat.events/dac19/
IEEE D&T Paper: https://ieeexplore.ieee.org/document/9154730
Below are selected white papers written jointly with engineers from Synopsys, Cadence, and Mentor Graphics which discuss challenges and promising methodologies for implementing pre-silicon security strategies.