Guest seminar with Christophe Deleuze: Hardware vulnerabilities, software counter-measures, and compilers

• When: 13:15-14:00, Thursday April 16. After the seminar there will be time for discussions with those interested.
• Where: E:2116
• Speaker: Christophe Deleuze, Associate Professor in computer science in the CTSYS team of the LCIS laboratory, part of the Université Grenoble Alpes.
• Title: Hardware vulnerabilities, software counter-measures, and compilers

Abstract

With sufficient time and effort, software systems can (at least in theory) be proved to be correct, ie to conform to their functional specification.  Nowadays, most systems also need to be /secure/, ie ensure /security properties/ even when run by malicious actors.

Hardware attacks exploit the fact that software runs on hardware involving physical processes.  Side-channel attacks aim at extracting secret data from a running system by observing non functional aspects of the system, such as execution time, power consumption, etc.  Fault injection attacks proceed by /physically perturbating/ the system to alter the program state and outcome.

Software modifications /(counter-measures)/ can be designed to remove hardware vulnerabilities.  It turns out that current compilers, not only do not help much in applying counter-measures, but often actually hinder it.  I'll give examples, then try to explain why it is so, and describe ideas about what can be done about it.