What’s New: Intel and the UC San Diego announced they have been selected to join the Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program team for the Defense Advanced Research Projects Agency (DARPA). Adversaries have crafted increasingly complex cyberattacks in reaction to decades of platform hardening efforts and increasing IT security measures that reduce vulnerabilities. Attempts to mitigate these threats have fallen short, creating an increased risk of intrusion into current and legacy code.
CSE professors Dean Tullsen and Deian Stefan are leading the effort at UC San Diego.
How It Works: To address threats of cyberattack, DARPA selected several teams to work on solutions to mitigate and prevent vulnerabilities in integrated computing systems. The four-year joint effort will focus on creating tools rooted in cryptography and formal security theories. As part of this effort, DARPA will utilize Intel’s Cryptographic Capability Computing (C3) system, the first stateless memory safety mechanism that effectively replaces inefficient metadata with efficient cryptography.
Why It Matters: Since at least the mid-1960s, computer scientists have sought “capability-based access control” for its thorough security. Capabilities enlighten processors to fine-grained divisions between data objects in memory, which enables addressing memory safety issues that have persistently accounted for most software vulnerabilities across the industry. These can provide an entry point for adversaries to launch “emergent execution” attacks, which manipulate complex interacting system behaviors (sometimes called “weird machine” behaviors) to compromise data and system operation.
HARDEN will help create practical tools to prevent the exploitation of integrated computing systems by disrupting the patterns of robust, reliable exploits used by attackers and depriving the attackers of emergent execution engines.
The Details: Intel has a long history of developing capability-based access control mechanisms, such as in the iAPX 432 and i960MX processors from the 1980s. The C3 system published at the MICRO 2021 conference overcomes substantial limitations of prior capability-based access control mechanisms, like their heavy reliance on metadata (data about data) that is expensive to store and process, and their incompatibility with legacy code. C3 effectively replaces inefficient metadata with efficient cryptography by encrypting individual pointers and data objects in a way that can be widely deployed, even to legacy x86 software.
The HARDEN program will enable Intel and UC San Diego to further investigate and demonstrate C3’s potential to improve security for legacy and future systems on DARPA-hard challenge programs. This will further the goal of understanding how attackers turn parts of modern computing systems against the whole, so this can be prevented in the future.
What’s Next: The HARDEN program will run for 48 months and is organized into three phases: Phases 1 and 2 will each be 18 months, followed by a 12-month Phase 3. Intel is proud to be a part of this pioneering work with UC San Diego and DARPA, helping keep the U.S. government’s systems secure.