Speaker: Khurram Bhatti, Associate Prof. (ITU, Lahore) & Adjunct Faculty (UBS, Lorient)

When: Thursday April 20th, 9h30 CEST

Where:  Zoom (https://zoom.us/j/94267641533?pwd=MGdxbmprY2FDZFFCL0lpSFViQTBiUT09)

Title: Whispering Devices — The Case of Microarchitectural Vulnerabilities, Attacks & Mitigation

Abstract: The recent revelations of security and privacy vulnerabilities in computing infrastructure, both at software and hardware levels, have been appalling. These vulnerabilities affect almost all processors & controllers, across virtually all operating systems and architectures. These vulnerabilities also span across multiple levels, from execution units to memory sub-system and interconnect networks. At system level, integration of IoT (Internet of Things) devices and deployment of elaborate CPS (Cyber-Physical Systems) in the large-scale critical information infrastructures (CIIs) of the modern-day industry is triggering a natural expansion of the attack surface as well.

In this talk, we will focus on access- and timing-driven cache-based side- and covert-channel attacks (SCAs). We will cover detection and mitigation techniques for some stealthy SCAs that are based on machine learning classifiers, coupled with real-time behavioral data of concurrent processes that is acquired via Hardware/Software Performance Counters (HPCs/SPCs). The goal is to detect, and subsequently mitigate, the attacks at run-time. Apart from detection-based mitigation, we will also discuss the design of novel cache architectures that can help obfuscate some critical information, such as conventional cache structure/organization and their replacement policies, through indirect eviction. These solutions are based on software techniques that eliminate the direct relation between incoming memory blocks and the evicted cache lines, the so-called eviction set, by using novel procedures of re-indexing, relocation and lazy eviction in a cache. Future research directions will be presented as well, with a special focus on resilient designs combining security, privacy, dependability, safety, and sustainability.

Short Bio: Khurram Bhatti is currently working as an Associate Professor of Computer Engineering at the Information Technology University, ITU, Lahore, Pakistan. He is also an Adjunct Faculty member at the University of South Brittany (UBS), Lorient, France, for the European Erasmus-Mundus joint master’s program in cybersecurity, called the CYBERUS. His research interests are in system security, hardware & microarchitectural security, embedded systems, real-time systems, AI & machine learning for security, and computer architecture. Khurram is a Marie-Curie Research Fellow (post-doctorate) from the KTH Royal Institute of Technology, Stockholm, Sweden (2014), and holds a Master (2007) in Embedded Systems and PhD (2011) in Computer Engineering from the University of Côte d’Azur (UCA), Nice, France. His Bachelor of Engineering (BE) degree (2003) is from Pakistan with specialization in Industrial Electronics. Khurram possesses more than 12 years of teaching and research experience in higher education. He is currently heading a research group on Embedded Systems at ITU. He is also associated with the Remote Sensing & Spatial Analytics (RSA) research team at ITU — a passionate group of researchers working on the technological interventions for Climate monitoring, adaption and mitigation.