Date of Award

5-2011

Document Type

Thesis

Degree Name

Master of Science (MS)

Legacy Department

Computer Engineering

Committee Chair/Advisor

Smith, Melissa C

Committee Member

Brooks , Richard R

Committee Member

Birchfield , Stanley

Abstract

Virtualization is no longer limited to main stream processors and servers. Virtualization software for General Purpose Processors (GPP) that allow one Operating System (OS) to run as an application in another OS have become commonplace. To exploit the full potential of the available hardware, virtualization is now prevalent across all systems big and small. Besides GPPs, state-of-the-art embedded processors are now capable of running rich operating systems and their virtualization is now a hot topic of research. However, this technological progress also opens doors for attackers to snoop on data that is not only confined to storage servers but also transferred to and used in important transactions on mobile platforms.
This work focuses on side channel attacks that arise due to hardware resource sharing between two concurrently running processes. These attacks can be in the form of monitoring cache accesses of a process or monitoring the power consumption of the system to determine the operation being performed. These attacks are seemingly harmless as the attacking process does not perform any illegal operations to snoop on the information available through side channels.
Side channel attacks have been used to easily decipher encryption keys for AES and RSA algorithms that are the two most commonly used encryption techniques. Software based solutions against these side channel attacks have been documented but do not guarantee a complete solution as they are either too specific to one aspect of an attack or demand changes to the Instruction Set Architecture (ISA) or static hardware designs. Implementation of such solutions is not always feasible.
In this project, we explore the virtualization of a PowerPC processor embedded on a Field Programmable Gate Array (FPGA) using the Kernel-based Virtual Machine (KVM). Then, we propose solutions that make use of the surrounding FPGA fabric to implement security measures that would make execution of side channel attacks difficult.
Lastly, this work provides detailed discussion on how to setup a development platform for FPGA-enabled hardware security, which involves cross compilation.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.