Project

Evaluating trade-offs between performance and security in hardware and system software

The ubiquitous network connectivity of all ICT devices great and small increases the risk of cyber attacks against these devices. The vulnerabilities that enable these attacks used to be mainly software vulnerabilities. However, the last few years have seen a new kind of attack: remote, software-controlled attacks that exploit subtle defects, oversights or even features in hardware to break important security objectives of the hardware/software system. The recent Meltdown and Spectre attacks, which exploit micro-architectural side effects of speculatively executed instructions, are very high-profile examples. For such attacks, the vulnerability is at least partly in the hardware, and designing countermeasures may require changes to hardware and/or system software. Currently it is unclear how to rigorously mitigate these attacks. Yet we understand that an important enabler for the vulnerabilities lies in optimisations introduced to increase performance. Hence, this research project aims to develop a better understanding of these attacks, and of the trade-offs between security and performance in hardware and system software. We want to build a deeper understanding of the security risks introduced by this new class of attacks by studying existing attack techniques and developing new ones. We want to design countermeasures that effectively mitigate these attacks, and we want to quantify the performance cost of these countermeasures.

Date: 1 Jan 2019 → 31 Dec 2022
Keywords: Security and protection
Disciplines: Cryptography, privacy and security, Computer system security