2022-05232 - Starting Research Position F/M Restricting ISA semantics for increased security

Contract type: Fixed-term contract

Level of qualifications required: PhD or equivalent

Function: Temporary Research Position

Level of experience: From 3 to 5 years

About the research centre or Inria department

The Inria Rennes - Bretagne Atlantique Centre is one of Inria's eight centres and has more than thirty research teams. The Inria Centre is a major and recognized player in the field of digital sciences. It is at the heart of a rich R&D and innovation ecosystem: highly innovative SMEs, large industrial groups, competitiveness clusters, research and higher education players, laboratories of excellence, a technological research institute, etc.

Context

The security of embedded systems and the components they integrate is of growing importance in the cybersecurity arena. To address those challenges, the already-rich French research community in embedded systems security is joining forces within the PEPR Cybersecurity project ARSENE in order to accelerate research and development in this field. The main objectives of the project are to allow the French community to make significant advances in the field and to strengthen the community's expertise and visibility on the international stage. The first part of the ARSENE project is the study and implementation of two families of RISC-V processors: 32-bit RISC-V low-power circuits secured against physical attacks for IoT applications, and 64-bit RISC-V circuits secured against micro-architectural attacks for rich applications. The second aspect of the project pertains to the secure integration of such new generations of secure processors into Systems on Chip, and to the research and development of secure building blocks for such SoCs: secure and robust random number generators, memory blocks secured against physical attacks, memories instrumented for security, and agile hardware accelerators for the next generation of cryptography. This work on hardware security is complemented by studies on software tools for dynamic annotation of code for the next generation of secure embedded software, by the implementation of a secure kernel for an embedded OS, and by research work on dynamic embedded supervision of the system. A last, but very significant, aspect of this project is the implementation of FPGA and ASIC demonstrators integrating the components developed in the project. Those demonstrators shall offer a unique opportunity to showcase the results of the project.

Assignment

The candidate will join a team of researchers dedicated to inventing new security solutions at the level of microarchitecture, architecture and compilation. They will be assigned the design and development of code generation tasks, either within the compiler or as a dynamic binary rewriting component.
Currently envisioned solutions include the following.

  • Restricting the usage of indirect jump instructions. We have experience in dynamic binary rewriting of indirect jumps, and we are interested in exploring this direction in more depth.
  • Constant-time execution. We assume that constant-time execution can only be achieved through a hardware/software contract on the timing behaviour of the chip during execution. The RISC-V Zkt extension explores this direction by considering the constant-time execution of instructions taken independently. We would like to guarantee the constant-time execution of instruction sequences. The idea consists in tagging registers that contain sensitive information. These registers shall therefore not be used by any non-constant-time instruction, which instructions those are depending on the microarchitecture. The role of the compiler will be to make sure this does not happen, and the hardware will check that this condition holds.
  • Handling explicit security domains. The microarchitecture introduces semantics to isolate security domains with various side effects. In particular, the hardware must guarantee that there is no possible architectural covert channel between two different security domains.
  • Robustness against speculation attacks. The concept of a speculation barrier has many flaws that prevent it from being widely applicable on any microarchitecture. We want to explore alternatives. One option is for control-flow instructions to exist in two flavours, with and without possible speculation; the compiler shall decide when to emit each flavour, based on an analysis of the risk of an attack at a given point in the code. The other is to tag a register as security critical, so that any instruction handling this register must prevent speculation attacks. These solutions must be evaluated, compared, and integrated into the compiler workflow.
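As an added illustration of the register-tagging idea in the constant-time bullet above (example code written for this page, not code from the ARSENE project or the posting): a small forward taint pass over a RISC-V basic block that flags every use of a tagged register in an operand slot where, under a constructed microarchitecture model, the instruction's timing would depend on the value. The opcode sets, the sample block and the rule that loaded values are public are assumptions.

```python
import re

# Constructed microarchitecture model (assumption): opcodes with data-dependent
# latency on the target core, so they must never consume a tagged register.
VARIABLE_TIME = {"div", "divu", "rem", "remu", "mul", "mulh", "mulhu"}
MEMORY = {"lb", "lh", "lw", "ld", "sb", "sh", "sw", "sd"}   # address must be public
BRANCHES = {"beq", "bne", "blt", "bge", "bltu", "bgeu"}    # condition must be public
# Constant-time ALU ops: the result is secret iff any source operand is secret.
ALU = {"add", "addi", "sub", "xor", "xori", "and", "andi", "or", "ori",
       "sll", "slli", "srl", "srli", "mv"}

def parse(line):
    """'op rd, rs1, rs2  # comment' -> (op, [operands]); blank/comment -> ('', [])."""
    op, _, rest = line.split("#")[0].strip().partition(" ")
    return op, [a.strip() for a in rest.split(",")] if rest.strip() else []

def check_constant_time(asm, secret):
    """Forward taint pass over one basic block. `secret` is the set of registers
    tagged on entry. Returns (line_no, reason) for every use of a tagged
    register in an operand slot the model deems non-constant-time."""
    tainted, findings = set(secret), []
    for n, line in enumerate(asm.strip().splitlines(), 1):
        op, args = parse(line)
        if op in MEMORY:                       # lw rd, off(rs1) / sw rs2, off(rs1)
            m = re.search(r"\((\w+)\)", args[1])
            if m and m.group(1) in tainted:
                findings.append((n, f"secret {m.group(1)} used as address in {op}"))
            if op[0] == "l":                   # memory is not tracked (assumption),
                tainted.discard(args[0])       # so a loaded value is treated as public
        elif op in BRANCHES:
            findings += [(n, f"secret {r} decides branch {op}") for r in args[:2] if r in tainted]
        elif op in VARIABLE_TIME or op in ALU:
            if op in VARIABLE_TIME:
                findings += [(n, f"secret {r} fed to variable-time {op}") for r in args[1:] if r in tainted]
            if any(r in tainted for r in args[1:]):
                tainted.add(args[0])           # derived value stays secret
            else:
                tainted.discard(args[0])       # public inputs give a public result
    return findings

# Constructed sample block; a1 and a2 hold key material on entry.
SAMPLE = """
lw   a0, 0(sp)        # public length from the stack
xor  a1, a1, a2       # secret ^ secret: constant-time, result stays secret
addi a3, a1, 4
lw   a4, 0(a3)        # flagged: address derived from a secret
rem  a5, a0, a1       # flagged: secret divisor
beq  a1, zero, done   # flagged: secret controls the branch
add  a6, a0, a0       # public arithmetic, not flagged
"""
```

Running `check_constant_time(SAMPLE, {"a1", "a2"})` reports the three flagged lines (4, 5 and 6); the hardware-side check the bullet mentions would enforce the same register tags at run time.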

The candidate will also be encouraged to propose new schemes, to be discussed with the team.

As this research is of interest to the RISC-V Foundation, there is a possibility that the developments will be merged into the official RISC-V repositories.

Main activities

  • Conduct bibliographic study
  • Elaborate and discuss new ideas
  • Implement ideas in an experimental compiler framework
  • Conduct performance evaluation and experimentation
  • Give feedback to architects
  • Write scientific papers
  • Give research talks

Skills

Required technical skills:

  • proficiency in C, C++
  • understanding of assembly language, in particular RISC-V
  • knowledge of compiler internals, in particular LLVM
  • knowledge of processor microarchitecture

Languages: English (read, written, spoken)

Relational skills:

  • ability to work in a team
  • autonomy

Benefits package

  • Subsidized meals
  • Partial reimbursement of public transport costs
  • Possibility of teleworking (90 days per year) and flexible organization of working hours
  • Partial payment of insurance costs

Remuneration

Gross monthly salary from 3039 euros to 4296 euros, depending on profile and experience.