Security Analysis of a Microprocessor

Background:

Today Intel does not use any automated production tools to find security vulnerabilities. For a processor or a platform to be validated, a list of well-known validation tests must be applied. This process does not verify the processor's security. Bugs found during this validation phase can lead to some security vulnerabilities being found, but it is hoped that new ways will be implemented to find more security vulnerabilities. Recent advances in computer emulation software should make automated security validation possible.

Problem Statement:

The main issue that this project intends to solve is that there is currently no automated way of finding security vulnerabilities in processors. To accomplish this, a software program must be able to output a list of instructions that moves a deterministic finite state automaton (DFSA) from a given secure state to a given insecure state. The project will provide a set of heuristic-based algorithms that automatically find a list of instructions completing the path from one state to another. If such a path does not exist, then the most complete path will be suggested without any human intervention.

Inadequacy of Current Solutions:

A solution does not exist today because of the potential combinatorial explosion that can occur when searching for a transition from one state to the next of an x86-based machine. In the past, the formal side of security detection has been considered, but the solutions are inefficient and take too long to produce results. Platform emulation technology is new to computer science, and there is no other evidence of this technology being modified to scrutinize for security problems. Emulation should allow computer states to be analyzed in software so that a path-finding algorithm can be devised.

Team Members:

Eddie Herrmann edherrmann@gmail.com
Jamey Drennan jamey.drennan@gmail.com
Stacie Merz stacie.merz@gmail.com
Patrick Putnam name2@email.uc.edu

Faculty Advisor:

Prof. Ranga Vemuri

Goal:

The final goal is to demonstrate the validity of the concept of deterministically finding paths from secure to insecure processor states. The software developed will be able to identify security problems in a simulated processor by using a path finding heuristic to determine if vulnerable states can be reached. The use of model checkers and platform emulators will assist in validating the algorithms developed.

Subgoals:

  1. Create a small model processor using a subset of the x86 instruction set and implement it in software to simplify the project.

  2. Verify that the heuristic developed will work for a larger processor the same way it works for the smaller one.
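
An added example, not the project's own code, of the path search from the Problem Statement run on a small model processor as in subgoal 1: best-first search with a Hamming-distance heuristic returns the instruction list, or the path to the closest state explored when the insecure state is unreachable. The three-instruction toy machine, its semantics, the flawed `gate` instruction and all function names are assumptions made for illustration and are not real x86 behaviour.

```python
import heapq

# Constructed toy model, not real x86 semantics: state = (cpl, ax, zf),
# cpl 3 = user, cpl 0 = supervisor, ax is a 3-bit register.
def _alu(cpl, ax):
    ax &= 7
    return (cpl, ax, int(ax == 0))

INSTRUCTIONS = {
    "inc ax": lambda s: _alu(s[0], s[1] + 1),
    "shl ax": lambda s: _alu(s[0], s[1] << 1),
    # Constructed flaw: the gate drops to cpl 0 when ax holds 5; otherwise
    # it faults and leaves the state unchanged.
    "gate": lambda s: (0, s[1], s[2]) if s[1] == 5 else s,
}

def distance(state, target):
    """Heuristic: Hamming distance between the packed bits of two states."""
    pack = lambda s: (s[0] << 4) | (s[1] << 1) | s[2]
    return bin(pack(state) ^ pack(target)).count("1")

def find_path(start, target, instructions=INSTRUCTIONS, max_states=10_000):
    """Greedy best-first search over the state automaton.

    Returns (reached, path). If the target is never reached, path leads to
    the explored state closest to it (the "most complete path")."""
    frontier = [(distance(start, target), 0, start, [])]
    seen, best, tie = {start}, (distance(start, target), []), 0
    while frontier and len(seen) <= max_states:
        h, _, state, path = heapq.heappop(frontier)
        if state == target:
            return True, path
        if h < best[0]:
            best = (h, path)
        for name, step in instructions.items():
            nxt = step(state)
            if nxt not in seen:
                seen.add(nxt)
                tie += 1  # unique tie-breaker so the heap never compares states
                heapq.heappush(
                    frontier, (distance(nxt, target), tie, nxt, path + [name]))
    return False, best[1]

def replay(start, path, instructions=INSTRUCTIONS):
    """Apply an instruction list to a start state and return the end state."""
    state = start
    for name in path:
        state = instructions[name](state)
    return state

if __name__ == "__main__":
    print(find_path((3, 0, 1), (0, 5, 0)))
```

Removing `gate` from the instruction set models a corrected design: the search then reports the target as unreachable and returns the path to the nearest user-mode state instead.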

Helpful Skills:

  • Assembly programming

  • C programming

  • Computer architecture

  • Finite state automata

  • Security