The websites you frequently visit and the software programs you use could leave behind clues that make your computer vulnerable to a cyberthreat known as a microarchitectural attack. But one UCF researcher is investigating the cause of these attacks, and discovering ways to prevent them, through a $550,000 grant from the National Science Foundation.
Assistant Professor Fan Yao of the Department of Electrical and Computer Engineering has been awarded funding through the NSF Faculty Early Career Development Program (CAREER). He is the only faculty member from the College of Engineering and Computer Science to be selected for a CAREER award this year.
“Being selected for the NSF CAREER award is truly an honor, especially as the sole recipient from CECS this year,” Yao says. “This recognition not only reflects the potential of our research but also highlights the supportive environment at UCF that has allowed our ideas to flourish. I am deeply grateful for this opportunity and excited about the doors it opens for further exploration and contribution in our field.”
Small Attacks, Big Consequences
Microarchitectural attacks exploit the way that a computer processes and stores information to gain access to personal data. For example, Spectre and Meltdown attacks use vulnerabilities in the processor to trick the memory and gain access to programs that hold valuable information. In a Rowhammer attack, hackers essentially break a computer’s dynamic random-access-memory (DRAM) cells to glean sensitive data, and in cache attacks, cyberattackers observe how long it takes for a computer to load websites and programs to gain to clues that can lead to private data.
“Microarchitectural attacks pose a particularly grave threat because they can potentially exfiltrate all types of data from a victim’s computing system,” Yao says. “This includes sensitive information like banking details, password credentials and personal documents, including photos. Moreover, these attacks could be used to eavesdrop on users — for example, by monitoring which websites a user is accessing at specific times.”
Computers aren’t the only devices susceptible to these attacks. Laptops, mobile phones and tablets can also be hacked. Yao advises users to only download apps from reputable sources and to frequently install microcode updates that can fix hardware-level issues.
Finding Solutions
With increasing concern over microarchitectural attacks in the cybersecurity community, Yao and his team of researchers aim to better understand how these crimes occur and find solutions to mitigate them. Their goal is to identify new vulnerabilities, create a comprehensive strategy to prevent information leaks and to enhance the security of modern-day computer systems.
Some of the techniques the group will explore include integrating isolation mechanisms into the hardware to ensure critical information is not shared across domains, quarantining and auditing hardware components that can be difficult to isolate, and employing advanced techniques to remove the data-based clues that can lead hackers straight to the information they seek.
“Typically, microarchitectural attacks stem from some form of resource sharing between two untrusted domains,” Yao says. “At a high level, mitigating these attacks requires robust cross-layer security mechanisms that involve both software and hardware.”
Story by Marisa Ramiccio