CyLab Seminar: Flavien Solt

August 29, 2024

12:00 p.m. ET

Zoom or CIC room 4105, Panther Hollow

Flavien Solt

*Please note: this CyLab seminar is open only to partners and Carnegie Mellon University faculty, students, and staff.

Flavien Solt
Postdoctoral Researcher
Department of Information Technology and Electrical Engineering at ETH Zurich, COMSEC group

Talk Title:
Merchants of Vulnerabilities: How Bug Bounty Programs Benefit Software Vendors

SWe entered an era where new hardware flourishes at an unprecedented pace and with unseen diversity. We are also living in an era where security and safety are paramount, and where the potential impact of a single bug can be catastrophic. Hence, we urgently need foundations to detect as many hardware bugs as possible before their deployment.

Hardware validation is universally recognized as complex, expensive and tedious. Despite genuine best efforts, the last decade has shown that the industry is incapable of producing non-trivial bug-free hardware. What will then happen with the rise of open-source hardware? Without effective and easy-to-adopt solutions for validation, it is hard to believe that the open-source hardware community will be able to produce safe and secure hardware, despite its best intentions.

Interestingly, the exact same situation occurred in the software world some decades ago. Software was plagued with myriads of bugs and security issues, after what the software community developed a formidable set of tools and methodologies to detect bugs and security issues. Could we adapt some of these tools and methodologies to hardware?

To answer this question, we first observe many CPU errata, deduce the most promising techniques from software security, and adapt them. To understand contemporary CPU bugs, we build the RemembERR database based on thousands of errata. We deduce two techniques inspired by software security that are particularly promising for hardware: dynamic information flow tracking and fuzzing. We introduce CellIFT, the first scalable hardware dynamic information flow tracking mechanism and showcase 4 new architectural or microarchitectural security applications. We then introduce Cascade, a black-box CPU fuzzer that found dozens of new bugs and outperforms other fuzzers’ coverage. We finally demonstrate MiRTL, a new class of hardware attacks that relies on EDA software bugs, and propose TransFuzz, a fuzzer that produces complex hardware descriptions to find such bugs in popular open-source EDA software.

All these contributions demonstrate that when properly adapted, software security techniques can provide effective and easy-to-adopt solutions that will empower safer and more secure hardware..

Flavien is a postdoctoral researcher in the Department of Information Technology and Electrical Engineering at ETH Zurich at the COMSEC group. His research mainly focuses on digital hardware security and led to multiple publications in top-tier security or computer architecture venues (e.g., S&P, USENIX Security, MICRO, etc.).

Upcoming Events