We have been exploring how designs at the hardware-software interface can improve overall systems security. Traditionally, security has been the domain of software solutions, but hardware support in the form of trusted computing, Intel SGX and TXT, ARM pointer authentication and the upcoming Intel CET extensions increasingly makes hardware-accelerated, strong security guarantees possible. Hardware support for security has been an area I have been working in for almost 20 years now. I proposed seminal work on XOM, one of the first architectures to provide hardware-enforced trusted execution — a precursor to modern-day Intel TXT, SGX and ARM TrustZone. This work also included the design of a matching operating system and formal verification of the hardware architecture. As hardware support for virtualization (Intel VT and VT-d) became available for x86, we explored security designs using hardware virtualization, building and experimenting with system architectures such as Proxos and Patagonix. More recently, we have been exploring the use of Intel MPX to prevent return-oriented programming (ROP) attacks, the most effective way of executing arbitrary code in the face of non-executable pages, in a system we call Light-Weighted Memory Protection (LMP). LMP is able to stop ROP attacks while imposing only a 4% overhead because of its clever use of hardware support.
Hardware-software security co-designs are more relevant than ever today. Many device manufacturers are becoming vertically integrated — that is, they control the entire hardware-software stack. For example, Intel has acquired software security companies such as McAfee, while Apple, Google, Samsung and Huawei all produce devices whose chips, hardware, software and applications are built in-house. At the same time, hardware security vulnerabilities such as Meltdown and Spectre are becoming a concern. This makes it an extremely exciting time to explore the security of the interface between hardware and software!