Online browsing is a routine part of modern life. It’s also riddled with privacy risks. A joint academic and industry research team, led by computer scientists from the University of California San Diego, have proposed a simple and transformative extension to existing processors to mitigate security breaches.
A team of eight professors, students, and alumni from the Jacobs School of Engineering’s Department of Computer Science and Engineering -and their co-authors were honored during the 2024 USENIX Security Symposium at an event recognizing the top papers in hardware security for the previous year. They were one of just three teams to receive an Intel Hardware Security Academic Award, earning honorable mention for their paper, Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI.
Hardware-assisted fault isolation, or HFI, is a minimally intrusive extension for existing processors which allows them to support, for the first time, efficient in-process isolation that is flexible, highly scalable, and secure even against speculative attacks like Spectre.
HFI overcomes the inability of modern page-based protection architectures to support fine-grain isolation, while concurrently addressing the limitations of software-based isolation (SFI) systems. SFI has been plagued by runtime overheads, poor scalability, vulnerability to attacks, and limited compatibility with existing code. HFI offers a path beyond these constraints.
To date, the team’s research has garnered a distinguished paper award at the 2023 Architectural Support for Programming Languages and Operating Systems conference and was selected as one of the top computer architecture papers of the year, to be recognized in the IEEE Micro Top Picks in Computer Architecture special issue.
In addition to researchers from Fastly, Rivos and Intel Labs, the following CSE co-authors contributed to the award-winning paper:
- Tal Garfinkel, a UC San Diego researcher
- Evan Johnson, a CSE PhD student
- Daniel Moghimi, a former CSE postdoc
- Shravan Narayan (PhD ’22), an assistant professor at The University of Texas at Austin
- Mohammadkazem Taram (PhD ’22), an assistant professor at Purdue University
- Joey Rudek, a CSE PhD student
- Deian Stefan, a CSE associate professor
- Dean Tullsen, a CSE professor
This work was supported in part by a Sloan Research Fellowship; by the NSF under Grant Numbers CNS2155235, CNS-2120642, and CAREER CNS-2048262; by gifts from Intel, Google, and Mozilla; and by DARPA HARDEN under contract N66001-22-9-4017.
By Kimberley Clementi