Date of Award

5-2011

Document Type

Thesis

Degree Name

Master of Science (MS)

Legacy Department

Computer Engineering

Advisor

Smith, Melissa C

Committee Member

Brooks , Richard R

Committee Member

Birchfield , Stanley

Abstract

Virtualization is no longer limited to main stream processors and servers. Virtualization software for General Purpose Processors (GPP) that allow one Operating System (OS) to run as an application in another OS have become commonplace. To exploit the full potential of the available hardware, virtualization is now prevalent across all systems big and small. Besides GPPs, state-of-the-art embedded processors are now capable of running rich operating systems and their virtualization is now a hot topic of research. However, this technological progress also opens doors for attackers to snoop on data that is not only confined to storage servers but also transferred to and used in important transactions on mobile platforms.
This work focuses on side channel attacks that arise due to hardware resource sharing between two concurrently running processes. These attacks can be in the form of monitoring cache accesses of a process or monitoring the power consumption of the system to determine the operation being performed. These attacks are seemingly harmless as the attacking process does not perform any illegal operations to snoop on the information available through side channels.
Side channel attacks have been used to easily decipher encryption keys for AES and RSA algorithms that are the two most commonly used encryption techniques. Software based solutions against these side channel attacks have been documented but do not guarantee a complete solution as they are either too specific to one aspect of an attack or demand changes to the Instruction Set Architecture (ISA) or static hardware designs. Implementation of such solutions is not always feasible.
In this project, we explore the virtualization of a PowerPC processor embedded on a Field Programmable Gate Array (FPGA) using the Kernel-based Virtual Machine (KVM). Then, we propose solutions that make use of the surrounding FPGA fabric to implement security measures that would make execution of side channel attacks difficult.
Lastly, this work provides detailed discussion on how to setup a development platform for FPGA-enabled hardware security, which involves cross compilation.

Share

COinS