Suh Research Group

Research Projects

This page provides brief descriptions of current and past research projects at Cornell with a list of representative publications. You can find more on our past work at MIT here. A complete list of publications can be found here

Verifiably Secure Hardware and Its Applications to Secure Autonomous Driving

Hardware provides an important foundation for any software security mechanisms. In particular, hardware must be able to protect and isolate security-critical software components from less trusted parts. For example, in cloud computing, a high-security virtual machine (VM) must be isolated from low-security VMs. In safety-critical cyber-physical systems (CPS) such as self-driving cars, safety-critical components such as autonomous controllers must be securely isolated from the rest of a system such as passenger entertainment systems. Unfortunately, today's computing systems cannot provide strong isolation or security assurance. This project aims to develop a verifiably secure computing system and apply it to build a secure autonomous driving vehicle. For this project, we are collaborating with Andrew Myers and Mark Campbell at Cornell.

There are three main thrusts in this project. In the first thrust, we are developing a multi-core processor where all software-visible information flows are tightly controlled. In particular, today's processor designs are vulnerable to timing-channel attacks and we are developing protection mechanisms to enable complete timing isolation. This architecture will be able to provide comprehensive isolation among software components.

  • Yao Wang, Andrew Ferraiuolo, Danfeng Zhang, Andrew C. Myers, and G. Edward Suh, SecDCP: Secure Dynamic Cache Partitioning for Efficient Timing Channel Protection, To appear in Proceedings of the the 53rd Design Automation Conference (DAC), June 2016
  • Andrew Ferraiuolo, Yao Wang, Danfeng Zhang, Andrew C. Myers, and G. Edward Suh, Lattice Priority Scheduling: Low-Overhead Timing Channel Protection for a Shared Memory Controller, To appear in Proceedings of the 22nd International Symposium on High-Performance Computer Architecture (HPCA), February 2016. [ PDF ]
  • Yao Wang, Andrew Ferraiuolo, and G. Edward Suh, Timing Channel Protection for Memory Controllers, Proceedings of the 20th International Symposium on High Performance Computer Architecture (HPCA), February 2014. [ PDF ]
  • Yao Wang and G. Edward Suh, Efficient Timing Channel Protection for On-Chip Networks, Proceedings of the 6th ACM/IEEE International Symposium on Networks-on-Chip (NOCS), May 2012. [ PDF ]

In the second thrust, we are developing tools and methodologies to enable formally verifying information flow properties of hardware designs. The goal is to be able to formally prove that our multi-core processor design is indeed secure.

  • Danfeng Zhang, Yao Wang, G. Edward Suh, and Andrew C. Myers, A Hardware Design Language for Timing-Sensitive Information-Flow Security, Proceedings of the 15th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2015. [ ACM-Authorize ]

Finally, we are working on developing a secure self-driving vehicle based on the new secure multi-core.

Automated Cross-Layer Customization

As the traditional technology scaling slows down, future computing will need to rely increasingly on architecture and software-level customization for more efficiency. In this context, there are two main ways to improve efficiency: build heterogeneous hardware that better match workload characteristics and remove inefficiencies in abstraction layers by optimizing multiple layers together. In this project, we are developing automated tools along with new architecture designs to allow a system to be quickly customized for given applications and environments.

As the first example, we investigated how exposing application-level response-time requirements to lower-level layers and co-optimizing them can reduce the overall energy consumption. In particular, we developed new prediction-guided DVFS frameworks for processing cores as well as accelerators. The frameworks enable developing application-specific DVFS controller with minimal human efforts, and lead to significant energy savings over today's Linux power governors.

  • Tao Chen, Alex Rucker, and G. Edward Suh, Execution Time Prediction for Energy-Efficient Hardware Accelerators, Proceedings of the 48th Annual International Symposium on Microarchitecture (MICRO), December 2015. [ PDF ]
  • Daniel Lo, Taejoon Song, and G. Edward Suh, Prediction-Guided Performance-Energy Trade-off for Interactive Applications, Proceedings of the 48th Annual International Symposium on Microarchitecture (MICRO), December 2015. [ PDF ]

Past Projects

TRUMP: TRUstworthy Many-core Platform

trump-image.jpg The goal of this project was to build a trustworthy hardware foundation exploiting abundant parallel computation resources in future many-core systems. We investigated detection and toleration of both hardware errors such as design bugs, malicious Trojans, and run-time faults, and software errors such as memory and concurrency bugs.

1) Run-Time Detection and Toleration Frameworks

  • Ruirui Huang, and G. Edward Suh, IVEC: Off-Chip Memory Integrity Protection for Both Security and Reliability, Proceedings of the 37th International Symposium on Computer Architecture (ISCA 2010), June 2010
  • Ruirui Huang, Daniel Y. Deng, and G. Edward Suh, Orthrus: Efficient Software Integrity Protection on Multi-Cores, Proceedings of the 15th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2010), March 2010.

2) Extensions to Enable Run-Time Monitoring for Real-Time Systems

  • Daniel Lo, Tao Chen, Mohamed Ismail, and G. Edward Suh, Run-Time Monitoring with Adjustable Overheads Using Dataflow-Guided Filtering, Proceedings of the 21st International Symposium on High Performance Computer Architecture (HPCA), February 2015. [ PDF ]
  • Daniel Lo, Mohamed Ismail, Tao Chen, and G. Edward Suh, Slack-Aware Opportunistic Monitoring for Real-Time Systems, Proceedings of the 20th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), April 2014. [ PDF ]
  • Daniel Lo and G. Edward Suh, Worst-Case Execution Time Analysis for Parallel Run-Time Monitoring, Proceedings of the 49th Design Automation Conference (DAC), June 2012. [ ACM-Authorize ]

3) Concurrency Bug Detection

  • Ruirui Huang, Erik Halberg, Andrew Ferraiuolo, and G. Edward Suh, Low-Overhead and High Coverage Run-Time Race Detection Through Selective Meta-data Management, Proceedings of the 20th International Symposium on High Performance Computer Architecture (HPCA), February 2014. [ PDF ]
  • Ruirui Huang, Erik Halberg, and G. Edward Suh, Non-Race Concurrency Bug Detection Through Order-Sensitive Critical Sections, Proceedings of the 40th International Symposium on Computer Architecture (ISCA), June 2013. [ ACM-Authorize ]

4) Remote Authentication of Hardware Designs

  • G. Edward Suh, and Srinivas Devadas, Physical Unclonable Functions for Device Authentication and Secret Key Generation, Proceedings of the 44th Design Automation Conference (DAC'07), San Diego, CA, June 2007. [ PDF ]

Intelligent On-chip Networks

As we increase the number of cores on a die, on-chip communications and therefore on-chip interconnect networks become more important in all aspects of a computer system including performance, power consumption, security, and reliability. This project aimed develop a new many-core chip with a better on-chip network by combining techniques from computer architecture, Computer-Aided Design (CAD), and large-scale networking. More specifically, we collaborated with Professor Srinivas Devadas at MIT on applying CAD optimization techniques from CAD algorithms to on-chip networks, and working with Professor Kevin Tang at Cornell to learn from the Internet.

  • Nithin Michael, Yao Wang, Kevin Tang and G. Edward Suh, Quardrisection-Based Task Mapping on Many-Core Processors for Energy-Efficient On-Chip Communication, Proceedings of the 7th ACM/IEEE International Symposium on Networks-on-Chip (NOCS), April 2013. [ PDF ]
  • Michel Kinsy, Myong Hyon Cho, Keun Sup Shim, Mieszko Lis, G. Edward Suh, and Srinivas Devadas, Optimal and Heuristic Application-Aware Oblivious Routing, IEEE Transactions on Computers, vol.62, no.1, pp.59–73, January 2013. [ IEEE ]
  • Nithin Michael, Ao Tang, and G. Edward Suh, On the Performance of Averaged Optimal Routing, Proceedings of the 46th Annual Conference on Information Sciences and Systems (CISS), March 2012. [ PDF ]
  • Nithin Michael, Milen Nikolov, Ao Tang, G. Edward Suh, and Christopher Batten, Analysis of Application-Aware On-Chip Routing under Traffic Uncertainty, To appear in the Proceedings of the 5th ACM/IEEE International Symposium on Networks-on-Chip (NOCS), May 2011.
  • Michel Kinsy, Myong Hyon Cho, Tina Wen, Edward Suh, Marten van Dijk, and Srinivas Devadas, Application-Aware Deadlock-Free Oblivious Routing, Proceedings of the 36th Annual International Symposium on Computer Architecture (ISCA), June 2009. [ ACM ]
  • Keun Sup Shim, Myong Hyon Cho, Michel Kinsy, Tina Wen, G. Edward Suh, and Srinivas Devadas, Static Virtual Channel Allocation in Oblivious Routing, Proceedings of the 3rd ACM/IEEE International Symposium on Networks-on-Chip (NOCS), May 2009. [ ACM ]

FLEX: FieLd EXtensible and repairable architecture

flex-image.jpg Recent studies showed that the security, reliability, and programmability of a microprocessor can be greatly enhanced with custom hardware capabilities. Unfortunately, high development costs and inflexibility pose significant challenges in deploying custom hardware features in real-world microprocessors. A modern microprocessor development may take several years from the initial design to production, including efforts in verification. As a result, it is often extremely difficult to justify a custom hardware feature unless the feature is already proved to be widely useful.

This project aimed to realize the efficiency and the security of hardware-based techniques on future microprocessors with the flexibility of software. For this purpose, we developed microprocessors where a processing core is tightly coupled with an /on-chip/ reconfigurable fabric such as an FPGA. While FPGA co-processors have been extensively studied as an accelerator to improve the performance of the main computation, we proposed to use an on-chip reconfigurable fabric to implement new hardware functions that are mostly transparent and separate from main computations.

  • Mohamed Ismail and G. Edward Suh, Fast Development of Hardware-Based Run-Time Monitors Through Architecture Framework and High-Level Synthesis, Proceedings of the 30th International Conference on Computer Design (ICCD), October 2012. [ PDF ]
  • Daniel Y. Deng and G. Edward Suh, High-Performance Parallel Accelerator for Flexible and Efficient Instruction-Grained Run-Time Monitoring, Proceedings of the 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), June 2012. [ PDF ]
  • Daniel Y. Deng and G. Edward Suh, Precise Exception Support for Decoupled Run-Time Monitoring Architectures, Proceedings of the 29th International Conference on Computer Design (ICCD), September 2011. [ IEEE ]
  • Daniel Lo, Greg Malysa and G. Edward Suh, FlexCache: Field Extensible Cache Controller Architecture Using On-Chip Reconfigurable Fabric, Proceedings of the 21st International Conference on Field Programmable Logic and Applications (FPL), September 2011. [ IEEE ]
  • Daniel Y Deng, Daniel Lo, Greg Malysa, Skyler Schneider, and G. Edward Suh, Flexible and Efficient Instruction-Grained Run-Time Monitoring Using On-Chip Reconfigurable Fabric, Proceedings of the 43rd Annual International Symposium on Microarchitecture (MICRO), December 2010.

Non-Volatile Computing

nvc-image.jpg Today's computer systems quickly lose information stored in its memory if the power supply is interrupted even for a short period of time. This weakness against power instability poses a significant limitation on the type of computations that can be carried out by deeply embedded devices, which often need to rely on unreliable self-generated power sources. As an example, today’s self-powered sensor nodes may be able to simply collect and send data but may not be able to perform complex operations such as encryption to preserve privacy.

The objective of this research project was to develop non-volatile computing devices, which allow the power source to be cut off at any time, and yet resume regular operation without loss of information when the power comes back. The main approach was to replace all critical memory components with non-volatile units so that computing state is maintained over power interruptions. This was a joint project with Professor Edwin Kan at Cornell.

  • Wing-kei Yu, Ruirui Huang, Sarah Xu, Sung-En Wang, Edwin Kan, and G. Edward Suh, SRAM-DRAM Hybrid Memory with Applications to Efficient Register Files in Fine-Grained Multi-Threading, To appear in the Proceedings of the 38th International Symposium on Computer Architecture (ISCA 2011), June 2011.
  • Wing-kei Yu, Shantanu Rajwade, Sung-En Wang, Bob Lian, G. Edward Suh, Edwin Kan, A Non-Volatile Microcontroller with Integrated Floating-Gate Transistors, Proceedings of the 5th Workshop on Dependable and Secure Nanocomputing (WDSN), June 2011. [ IEEE ]
  • Shantanu Rajwade, Wing-kei Yu, Sarah Xu, Tuo-Hung Hou, G. Edward Suh, and Edwin Kan, Low Power Nonvolatile SRAM Circuit with Integrated Low Voltage Nanocrystal PMOS Flash, Proceedings of the 23rd IEEE International System-On-Chip Conference, September 2010.

As a part of this project, we also investigated the use of non-volatile memory for security. In particular, we found that analog behaviors in off-the-self Flash memory chips can be leveraged a new set of hardware security functions: true random number generators, hardware fingerprinting, and information hiding.

  • Sarah Q. Xu, Wing-kei Yu, G. Edward Suh, and Edwin C. Kan, Understanding Sources of Variations in Flash Memory for Physical Unclonable Functions, Proceedings of the 2014 International Memory Workshop (IMW), May 2014. [ PDF ]
  • Yinglei Wang, Wing-kei Yu, Sarah Q. Xu, Edwin Kan, and G. Edward Suh, Hiding Information in Flash Memory, Proceedings of the IEEE Symposium on Security and Privacy, May 2013. [ PDF ]
  • Yinglei Wang, Wing-kei Yu, Shuo Wu, Greg Malysa, G. Edward Suh, and Edwin Kan, Flash Memory for Ubiquitous Hardware Security Functions: True Random Number Generation and Device Fingerprints, Proceedings of the IEEE Symposium on Security and Privacy, May 2012. [ PDF ]
  • Pravin Prabhu, Ameen Akel, Laura, Wing-Kei S. Yu, G. Edward Suh, Edwin Kan, Steven Swanson, Extracting Device Fingerprints from Flash Memory Exploiting Physical Variations, Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST), June 2011. [ LNCS ]

Sponsors

Our research is supported by grants and/or gifts from NSF, AFOSR, ONR, ARO, AFRL, SRC, Intel, Xilinx, and SUN (now Oracle).

nsf.jpg aro_logo.jpg xilinx_logo.jpg sun_logo.jpg

 
research.txt · Last modified: 2016/02/25 05:25 by gs272