Jean-Michel Prima - 29/08/2017

Protecting the hardware/software interface


When a system is made up of hardware and software, the boundary between the two can turn out to be porous, a border through which malware might try to sneak. In Rennes, Brittany, France, the Inria research center has teamed up with Secure-IC, a company specializing in the protection of embedded devices against cyber-physical attacks, to explore innovative methods for better detecting potential vulnerabilities at this crucial junction.

“By the year 2030, the number of connected objects is expected to exceed 100 times the number of human beings. Protecting these systems is the next challenge ahead,” sums up Sylvain Guilley, a professor at TELECOM-Paris Tech and co-founder of Secure-IC, a Rennes-headquartered SME whose baseline reads: ‘The Security Science Company’. “We develop security solutions for embedded systems such as Systems-on-Chip, and indeed, we hold security as a science whose explicit methodologies are meant to demonstrate a level of protection for products and services. Our R&D activity is a business line in its own right and we maintain close ties to various academic laboratories, including several Inria research teams.”

The new partnership involves Tamis, a group of scientists dedicated to malware and code analysis among other things. “This collaboration echoes our complementarity at the interface of hardware and software expertise. Research-wise, this intersection is a hugely interesting topic and something of an Achilles' heel.” Why? “Because hardware and software communities live side by side but they seldom exchange information.”

Enough of a no-man's land then for a virus to wriggle in? “There is a risk of what we call micro-architectural attacks. Routinely, an Operating System may well run an application on a processor for a while and then stop it in order to run another one. So, in essence, the hardware successively handled information from two different applications. Now, what if the first one was a sensitive application and the second one happened to be a malware? It might be possible for the latter to pick execution traces and grab bits and pieces of information from the former. Even worse, the malware could try to reach some of the processor's internal mechanisms in order to crash or hijack the sensitive application next time it is executed. This type of attack exploits the fact that software, after all, does not function in a vacuum. It interacts with the hardware. By combining the information-exploitation techniques of the software community and information leakage analysis, which used to be a specialty of the hardware community, one can successfully undertake a number of attacks.” Which is precisely what researchers must do in order to understand the extent of the threat prior to patching the newly discovered vulnerability.

Another avenue of research regards the handling of application bugs. “Prior to being an annoyance for users, a bug is actually a security threat that might be exploited. Of course, one can invest a lot of time in all sorts of detection tools. And these efforts are necessary. Having said that, we came up with a question. Why should even the hardware execute a bug when it hits upon one? The answer is obvious. The processor is completely unable to distinguish between malicious and benign code. It sees it as just yet another set of instructions. It doesn't mull over whether it's right or wrong to execute such code despite the fact that it conflicts with a mathematical property. So why not let the hardware check it? We have identified four conditions that could be validated by the processor in real time, that is to say without slowing down the execution speed.”

In practical terms, the partnership will result in the recruitment by Secure-IC of PhD students enrolled in the doctoral course in the laboratory. The first one, Martin Moreau, will deal with post-quantum cryptography. This thesis will be co-directed by Annelie Heuser, a former PhD student of Sylvain Guilley who recently joined Tamis. “During her own thesis, she worked a lot on sorting out this hodgepodge of known hardware attacks so that we now have a much clearer vision of which ones are the most effective in certain contexts or which ones can be optimized.”

The collaboration between Inria and Secure-IC “shouldn't be construed solely as a bilateral relation, but as an initiative within the PEC,” the cyber excellence cluster launched by the French DoD and the Regional Council of Brittany. “Security is a matter of having an ecosystem. It only takes but one attack to reach a target whereas defense demands that every single contingency be covered. It's an asymmetric situation which calls for a global vision. And this is really what the PEC is about: a mix of private and public undertakings, academics and businesses, well-seasoned players and new ventures. When I travel to Singapore or Tokyo, where we also have offices, this ecosystem is regarded as a world-level model for fostering innovation.”

Keywords: Secure-IC INRIA Rennes - Bretagne Atlantique TAMIS Partenariat Cybersécurité Axel Legay