Hardware-software interfaces for security
Security has become a first-order design constraint. The software development community has already recognized this, and it is now clear computer architecture must also design systems with security in mind. However, this requires revisiting decades-old hardware development patterns.
Many of the architectural innovations that have driven the increase in compute capability for the past 50 years were designed ignoring their security implications. It is time for us to revisit many of these microarchitectural optimizations with security in mind.
Secure High-performance computing
Scientific data today is at risk due to how it is collected, stored, and analyzed in highly disparate computing systems. How can we make claims about the integrity of data as it traverses open, international networks and via instruments and systems with widely varying reliability and provenance? Numerous causes for integrity loss are possible, including bugs in existing computational pipelines, network events, user error, unintentional system effects or even intentional attack by outsiders (e.g., scientific competitors), insiders (e.g., disgruntled employees), or in the hardware/software supply chain, without any trace of the modification. Given these gaps and shortcomings in existing HPC solutions, how can we make claims about the integrity of the scientific data as it traverses those systems and networks?
We believe that in order to solve the problems described above that future HPC hardware and software solutions should be co-designed together with security and scientific computing integrity concepts designed and built into as much of the stack from the outset as possible. Given the risk of data loss due to software and hardware, this should take into account hardware elements, operating systems, compilers, application software, and the networking stack, all the way down to the way in which software developers write software and users interact with systems in a way that can affect scientific computing integrity. However, prior to laying out the research roadmap to design and construct such an architecture, we believe that several important aspects first need to be understood more clearly.
This project takes a broad look at several aspects of security and scientific integrity issues in HPC systems. Using several case studies as exemplars, and working closely with both domain scientists as well as facility staff, we propose to test and validate several initial concepts in existing scientific computing workflows at NERSC DOE HPC facility, and analyze those models better characterize integrity-related computational behavior.
This project is in collaboration with Sean Peisert at Lawrence Berkeley National Labs. See also the LBL project page.
HammerSim: A Tool to Model Rowhammer
Kaustav Goswami, Ayaz Akram, Hari Venugopalan, Jason Lowe-Power, Young Architect Workshop at ASPLOS 2023.
Enabling Design Space Exploration for RISC-V Secure Compute Environments
Ayaz Akram, Venkatesh Akella, Sean Peisert, Jason Lowe-Power. Fifth Workshop on Computer Architecture Research with RISC-V (CARRV 2021). With ISCA 2021.
Performance Analysis of Scientific Computing Workloads on General Purpose TEEs
Ayaz Akram, Anna Giannakou, Venkatesh Akella, Jason Lowe-Power, Sean Peisert. 35th IEEE International Parallel & Distributed Processing Symposium (IPDPS ...
Using Trusted Execution Environments on High Performance Computing Platforms
Ayaz Akram and Anna Giannakou, Venkatesh Akella, Jason Lowe-Power, Sean Peisert Open-source Enclaves Workshop (OSEW 2019) 2019.
A Case for Exposing Extra-Architectural State in the ISA
Jason Lowe-Power, Venkatesh Akella, Matthew K. Farrens, Samuel T. King, and Christopher J. Nitta. HASP Workshop with ISCA 2018.
Border Control: Sandboxing Accelerators
Lena E. Olson, Jason Lowe-Power, Mark D. Hill, David A. Wood MICRO 2015.
This work is supported by NSF CSR-1850566 and jointly funded through Lawrence Berkeley National Labs.