This page summarizes major research projects that we have worked on and provides selected publications for each project. A complete list of pulications can be found in the publications page.

AEGIS: Single-Chip Secure Processor

We have been investigating new processor architecture that enables secure computing under potentially malicious operating systems and physical attacks. The processor identifies the operating system with cryptographic hashes, provides users with a way to authenticate the operating system with physical random functions, and protects off-chip memory from physical attacks. We have developed efficient memory encryption and integrity verification algorithms, and implemented an FPGA prototype of the processor. This processor is currently fully functional on an FPGA.

  • G. Edward Suh, AEGIS: A Single-Chip Secure Processor, MIT CSAIL CSG-TR-489 (Doctoral Dissertation), September 2005. [ PDF ]
  • G. Edward Suh, Charles W. O’Donnell, Ishan Sachdev, and Srinivas Devadas, Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions, Proceedings of the 32nd Annual International Symposium on Computer Architecture, June 2005. (This memo is a slightly updated version) [ PS ] [ PDF ] [ SLIDES(PPT) ]
  • G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, and Srinivas Devadas, Efficient Memory Integrity Verification and Encryption for Secure Processors, Proceedings of the 36th Annual International Symposium on Microarchitecture (MICRO36), pages 339-350, San Diego, CA, December 2003. [ PS ] [ PDF ] [ SLIDES ]
  • G. Edward Suh, Blaise Gassend, Dwaine Clarke, Marten van Dijk, and Srinivas Devadas, The AEGIS Processor Architecture for Tamper-Evident and Tamper-Resistant Processing, Proceedings of the 17th International Conference on Supercomputing (ICS’03), pages 160-171, San Francisco, CA, June 2003. (Revised version) [ PS ] [ PDF ] [ SLIDES ]
  • Blaise Gassend, G. Edward Suh, Dwaine Clarke, Marten van Dijk, and Srinivas Devadas, Caches and Hash Trees for Efficient Memory Integrity Verification, Proceedings of the High Performance Computer Architecture 9 (HPCA9), pages 295-306, Anaheim, CA, February 2003. [ PS ] [ PDF ]

Architectural Support for Secure Program Execuction

The goal of this project is to provide hardware support for preventing various software attacks exploiting program bugs such as buffer overflows and the format string vulnerability. We have developed a low-overhead mechanism to dynamically track potentially malicious I/O inputs and restrict the use of them. This mechanism is evaluated on the Bochs x86 emulator. We are also investiagting other ways to detect broader set of attacks and automatically identifying the source of the attack enabling easy generation of attack signatures.

  • G. Edward Suh, Jae W. Lee, David X. Zhang, and Srinivas Devadas, Secure Program Execution via Dynamic Information Flow Tracking, Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XI), pages 85-96, Boston, MA, October 2004. [ PS ] [ PDF ] [ SLIDES ]

Physical Unclonable Functions – Authentication/Secret Key Generation

The Physical Random Functions (PUFs) address the problem of storing secrets in computing devices and sharing the secrets with the devices. By extracting secrets from complex physical systems rather than storing digital information, PUFs allow computing devices to securely contain secrets without any customization or special manufacturing process. We are working on secure and reliable secret generation from PUFs, and the integration of PUFs with processors. We are also studying methods to use PUF circuits for physically secure random number generation. Most recently, the technology has been applied to RFIDs to create an unclonable RFIDs.

  • G. Edward Suh, and Srinivas Devadas, Physical Unclonable Functions for Device Authentication and Secret Key Generation, Proceedings of the 44th Design Automation Conference (DAC’07), San Diego, CA, June 2007. [ PDF ]
  • Daihyun Lim, Jae W. Lee, Blaise Gassend, G. Edward Suh, Marten van Dijk, and Srinivas Devadas, Extracting Secret Keys from Integrated Circuits, IEEE Transactions on Very Large Scale Integration (VLSI) Systems, Volume 13, Issue 10, Pages 1200-1205, October 2005. [ PDF ]
  • Jae W. Lee, Daihyun Lim, Blaise Gassend, G. Edward Suh, Marten van Dijk, and Srinivas Devadas, A Technique to Build a Secret Key in Integrated Circuits for Identification and Authentication Applications, Proceedings of the Symposium on VLSI Circuits, pages 176-179, Honolulu, HI, June 2004. [ PS ] [ PDF ]

Integrity Protection of Untrusted Storage

This project investigated efficient ways to check the integrity of untrusted storage such as off-chip memory in secure processors or distributed storage on the Internet. The new integrity checking scheme can achieve a constant overhead for each read/write operation if a long sequence of operations are checked together.

  • Dwaine Clarke, G. Edward Suh, Blaise Gassend, Ajay Sudan, Marten van Dijk and Srinivas Devadas, Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data, 2005. Proceedings of the 2005 IEEE Symposium on Security and Privacy (This memo is a slightly updated version) [ PS ] [ PDF ]
  • Dwaine Clarke, Srinivas Devadas, Marten van Dijk, Blaise Gassend, and G. Edward Suh, Incremental Multiset Hash Functions and Their Application to Memory Integrity Checking, Proceedings of the 9th International Conference on the Theory and Application of Cryptology and Information Security (Asiacrypt 2003), Lecture Notes in Computer Science (LNCS), Vol. 2894, pages 188-207, Taipei, Taiwan, November 2003. [ PS ] [ PDF ]

Malleable Caches

This project focused on developing techniques to improve the utilization of large (shared) cache memory. For example, caches must be efficiently shared among multiple cores on a chip in CMPs. As a mathematical study, we developed an analytical model to estimate the effects of sharing (both time sharing with context switches and simultaneous sharing in CMP and SMT processors) on cache performance. This model led to the development of dynamic cache partitioning and cache-aware job scheduling techniques. We have also investigated efficient data movement schemes for I/O intensive applications utilizing OS job scheduling information.

  • G. Edward Suh, Larry Rudolph, and Srinivas Devadas, Dynamic Partitioning of Shared Cache Memory, The Journal of Supercomputing, 28(1), pages 7-26, April 2004. [ PDF ]
  • Prabhat Jain, G. Edward Suh, and Srinivas Devadas, Intelligent SRAM (ISRAM) for Improved Embedded System Performance, Proceedings of the 40th Design Automation Conference (DAC’03), pages 869-874, Anaheim, CA, June 2003. [ PS ] [ PDF ]
  • G. Edward Suh, Srinivas Devadas, and Larry Rudolph, A New Memory Monitoring Scheme for Memory-Aware Scheduling and Partitioning, Proceedings of the High Performance Computer Architecture 8 (HPCA8), pages 117-118, Boston, MA, February 2002. [ PS ] [ PDF ] [ SLIDES ]
  • G. Edward Suh, Larry Rudolph, and Srinivas Devadas, Effects of Memory Performance on Parallel Job Scheduling, Proceedings of the 7th International Workshop on Job Scheduling Strategies for for Parallel Processing (JSSPP 2001), Lecture Notes in Computer Science (LNCS), Vol. 2221, pages 116-132, Cambridge, MA, June 2001. [ PS ] [ PDF ]
  • G. Edward Suh, Larry Rudolph, and Srinivas Devadas, Dynamic Cache Partitioning for Simultaneous Multithreading Systems, Proceedings of the IASTED International Conference on Parallel and Distributed Computing and Systems (PDCS’01), pages 635-641, Anaheim, CA, August 2001. (Best paper award) [ PS ] [ PDF ] [ SLIDES ]
  • G. Edward Suh, Srinivas Devadas, and Larry Rudolph, Analytical Cache Models with Application to Cache Partitioning, Proceedings of the 15th International Conference on Supercomputing (ICS’01), pages 1-12, Sorrento, Italy, June 2001. [ PS ] [ PDF ] [ SLIDES ]

ACM and IEEE-mandated Copyright Notice

The documents listed above are posted as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author’s copyright. These works may not be reposted without the explicit permission of the copyright holder.