Google Award for preventing Spectre, Rowhammer in the cloud
PhD student Kevin Loughlin received a Google Fellowship in Privacy and Security to tackle microarchitectural security flaws in multi-user computing systems, including cloud servers.
Loughlin’s project tackles an issue called context isolation on shared computing resources. In settings like cloud computing, with many clients accessing data and running programs on a pool of shared hardware, it’s crucial that different users can’t access each other’s data without explicit permission. Beyond safeguarding privacy, this also keeps remote adversaries isolated from the broader data available on the system.
However, Loughlin says, the level of context isolation provided by today’s systems is out of sync with the security needs of cloud providers and customers alike. Current hardware only strongly enforces context isolation at the level of direct access, while interactions between users by way of microarchitectural behavior aren’t well prevented. This gap opens the way to things like speculative execution and Rowhammer attacks, where clues provided by hardware behavior can enable data access or corruption without direct access permission.
Loughlin is working to tackle these shortcomings, designing a system that can effectively isolate user processes from each other even from the standpoint of these microarchitectural clues. The project has a dual focus on securing processors and DRAM, with the goals of producing the first processor to pervasively enforce security process isolation at the microarchitectural level and designing a new mitigation strategy for preventing DRAM leakage.
Loughlin works at the intersection of hardware-software co-design and security, with interest in creating novel hardware interfaces for software systems to afford the programmer maximal control of the security, speed, and resource utilization of their code. His recent projects have focused on creating efficient mitigations for microarchitectural exploits such as Spectre and Rowhammer. He’s previously been supported by an NSF Graduate Research Fellowship.