Ph.D. Candidate, University of Michigan
Joint ECE/CS Faculty Candidate Seminar
Thursday, April 6, 2023, 10:00-11:00am
B02 CSL and Online via Zoom
Title: Securing Systems Running on Insecure Hardware
Abstract: The gap between abstract models used to reason about the security of systems and the reality of implementing them on imperfect hardware often has subtle security ramifications. In recent years, attackers have exploited this gap to extract sensitive information across nearly all hardware backed security domains, resulting in even the most secure, well designed software systems being compromised.
My work studies and explores this gap, thereby laying the foundation for how to effectively secure computer systems against these attacks in a principled manner. In this talk, I will first present some of my work on analyzing and uncovering new classes of vulnerabilities with regards to memory integrity and transient execution attacks. Then, I’ll demonstrate the real world impact of my research, and how it has resulted in hardening widely deployed systems, including OpenSSH, the Linux kernel, Intel’s CPUs and Software Guard Extensions (SGX), and the Google Chrome browser. Finally, I will discuss some of my work towards building systems that are secure by design, with hardware security considered from the very beginning.
Andrew Kwong is a Ph.D. candidate in the University of Michigan’s Computer Science and Engineering Department. His research is in hardware security at the intersection between software, hardware, and applied cryptography. His work has affected the security of millions of devices, resulting in numerous countermeasures, kernel patches, and CPU microcode updates. Andrew’s research won his department’s best research award and a Best Paper Award Honorable Mention at CCS 2022, and has been highlighted in popular media outlets, including Ars Technica, Wired, ZDNet, and The Register, among others.