Periodic Reporting for period 1 - HYDRANOS (Hardware-assisted Adaptive Cross-Layer Security for Computing Systems)
Reporting period: 2022-09-01 to 2025-02-28
Preventing cross-layer attacks is essential in today's cybersecurity landscape, as these attacks can be executed remotely without requiring physical access to the hardware.
Cross-layer attacks exploit hardware microarchitectural flaws, such as transient execution vulnerabilities, revealing that hardware—once considered secure—can be compromised. Current hardware defenses are static, hard-wired into silicon, and unable to adapt to evolving threats or future attacks, with post-production fixes offering limited solutions. HYDRANOS aims to create a fundamentally novel, flexible, and adaptable paradigm for hardware security capable of addressing these evolving cross-layer attacks and delivering a robust, sustainable defense model for hardware security design.
The HYDRANOS project has several key objectives aimed at enhancing hardware security:
First, it will systematically analyze cross-layer attacks by studying how different components in processors and systems-on-chip contribute to vulnerabilities.
Second, the project will develop a comprehensive detection and evaluation framework using hardware fuzzing techniques to identify vulnerabilities before production, incorporating advanced security testing methods such as information-flow analysis.
Third, we aim to create adaptive security for critical hardware components to be reconfigured post-production, enabling systems to be updated and patched to address new attacks or changing security and performance requirements.
Fourth, HYDRANOS will develop a unified security configuration interface, allowing users to dynamically adjust security requirements based on newly discovered vulnerabilities, offering adaptive security management.
The project aims to significantly impact secure computing by providing long-term solutions through adaptable hardware security components, supporting a broad range of applications from cloud computing to IoT devices. Moreover, HYDRANOS will establish an open European platform to foster further research and collaboration in the field of adaptive hardware security.
To achieve the first key objective, we analyzed various cross-layer vulnerabilities and attacks targeting different processor and system-on-chip (SoC) architectures, including Intel, AMD, ARM, and RISC-V. Additionally, we organized the world's largest hardware capture-the-flag competitions at the renowned Design Automation Conference (DAC) in 2023 and 2024, in collaboration with Intel and Synopsys, two giants of the semiconductor domain, as well as our research partner Texas A&M University. In these competitions, we focused on the Google OpenTitan Root-of-Trust, introducing real-world vulnerabilities into this Root-of-Trust framework. These competitions and collaborations have yielded significant insights into real-world hardware vulnerabilities, attack scenarios, the benefits and limitations of current hardware verification techniques, and the potential role of machine learning in hardware verification. We publish and open-source these results for research and educational purposes.
Based on our research and development results, a collaboration with the MITRE Corporation has emerged. MITRE is an organization that primarily supports government agencies, particularly in cybersecurity, and is renowned for the MITRE ATT&CK framework, a comprehensive knowledge base of cyber adversary behavior used worldwide to enhance security and incident response. This collaboration provided MITRE with practical examples across various hardware vulnerability categories (CWEs), contributing to over 20 published CWEs.
To accomplish the second key objective, we leveraged the findings from our systematic analysis of cross-layer attacks to develop several advanced detection and evaluation frameworks. Together, these two activities address the first two goals of HYDRANOS described above.
Specifically, we proposed novel hardware fuzzing techniques for different vulnerability categories: hardware fuzzing for detecting processor bugs and vulnerabilities, for uncovering timing side-channel leaks, and for finding speculative execution leakages.
Although state-of-the-art hardware fuzzers address some limitations such as state explosion, they still suffer from three critical shortcomings: (1) difficulty in exploring hard-to-reach areas of the design under test; (2) being limited to detecting general functional bugs rather than complex vulnerabilities such as timing channels and speculative execution leakages; and (3) a lack of semantic awareness, meaning test cases are generated blindly, without entangling control and data flow, which makes them ineffective at triggering complex vulnerabilities. To address these issues, we introduced [Chen et al. USENIX SEC '23], [Gohil et al. DATE '24], and [Chen et al. ICCAD '23], which incorporate optimization algorithms such as multi-armed bandits and particle swarm optimization to overcome design exploration saturation and improve the detection of hard-to-reach vulnerabilities.
Additionally, to tackle the detection of timing side channels and speculative execution leakages, we proposed [Pallavi et al. USENIX SEC '24] and [Rostami et al. DAC '24]. These frameworks introduce novel coverage metrics that represent the vulnerability search space, guiding the fuzzer to cover potential weaknesses efficiently. [Pallavi et al. USENIX SEC '24] uses advanced algorithms to detect timing side channels in white-box processors and to pinpoint vulnerability locations, while the latter, Specure, identifies speculative execution leakage paths. Finally, we developed [Rostami et al. DATE '24], an AI-assisted hardware fuzzer that learns machine language semantics to generate meaningful, entangled test cases capable of uncovering multi-step vulnerabilities. Several other works in this direction have already been submitted or are in the pipeline.
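To illustrate the saturation problem and the multi-armed bandit remedy mentioned above, here is an added toy example that is not part of the HYDRANOS tooling or of any of the cited papers. It replaces the real design under test with a constructed coverage oracle (three seed families reaching regions of different sizes, all assumed values) and lets a UCB1 bandit decide which seed family to mutate next, rewarding only new coverage so that a saturated seed is abandoned in favour of the hard-to-reach region.

```python
"""UCB1 seed scheduling for coverage-guided hardware fuzzing (constructed toy)."""
import math
import random

# Constructed stand-in for a design under test. Each seed family (a class of
# test programs) reaches a fixed region of coverage points; mutating it hits
# one random point in that region. "A" is small and saturates quickly,
# "B" is a large, hard-to-reach region, "C" is in between.
REGIONS = {"A": range(0, 20), "B": range(100, 400), "C": range(500, 540)}


def simulate_dut(seed: str, rng: random.Random) -> int:
    """Coverage point hit by one mutated test derived from `seed` (toy oracle)."""
    return rng.choice(REGIONS[seed])


def ucb1_fuzz(seeds, budget: int, rng: random.Random, c: float = 1.0):
    """Run `budget` mutations, picking the seed family with UCB1.

    Returns (covered points, pulls per seed, schedule of chosen seeds).
    The reward for a pull is 1 if the test reached a point not yet covered,
    else 0, so a seed whose region is exhausted stops being attractive.
    """
    covered: set[int] = set()
    pulls = {s: 0 for s in seeds}
    reward = {s: 0.0 for s in seeds}
    schedule = []
    for t in range(1, budget + 1):
        untried = [s for s in seeds if pulls[s] == 0]
        if untried:  # pull every arm once before trusting the estimates
            chosen = untried[0]
        else:  # mean reward plus exploration bonus (UCB1)
            chosen = max(
                seeds,
                key=lambda s: reward[s] / pulls[s]
                + c * math.sqrt(2.0 * math.log(t) / pulls[s]),
            )
        point = simulate_dut(chosen, rng)
        gain = 0.0 if point in covered else 1.0
        covered.add(point)
        pulls[chosen] += 1
        reward[chosen] += gain
        schedule.append(chosen)
    return covered, pulls, schedule


def run_demo(budget: int = 300, rng_seed: int = 0):
    covered, pulls, _ = ucb1_fuzz(["A", "B", "C"], budget, random.Random(rng_seed))
    return len(covered), pulls
```

In a real fuzzer the oracle would be the RTL simulation and the reward the increase in a coverage metric such as the vulnerability-search-space metrics described above; the scheduling logic stays the same.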
Through these innovations, our research advanced hardware verification tools by increasing coverage, detecting a wider range of vulnerability categories, and generating intelligent test cases that can trigger complex vulnerabilities.