NSF Backs Processor Design, Chip Security Research

Published 3 October 2023

Rice University computer scientists have won two grants from the National Science Foundation to explore new information processing technologies and applications that combine seamlessly co-designed hardware and software to allow for more effective and efficient data stream analysis using pattern matching.

Initiated by a Rice seed grant, the projects address the limitations of current computing infrastructure’s ability to process complex, unstructured data streams.

A $1.2 million award will support Kaiyuan Yang, Konstantinos Mamouras and Todd Treangen in developing a programmable formal specification-based data stream processor that can analyze input from physical, biological and other systems, enabling real-time monitoring and informed decision-making in varied contexts, from health monitoring to bioinformatics or cybersecurity applications.

“In a typical central processing unit (CPU), the part that stores the data and the part that does the computing are separate,” said Yang, an associate professor of electrical and computer engineering who is principal investigator on the grant. “Every time you want to compute, you go back and forth between the two, which works well for general-purpose computing.”

However, in a high-volume stream processing context, the back-and-forth movement of data in conventional CPUs can be time- and energy-consuming, hindering the performance of pattern-matching tasks, Yang said.

“We have been working on a new technology called in-memory computing that stores patterns inside memory, allowing you to do the matching without reading each pattern sequentially,” Yang said. “This is a very ambitious project that pursues a completely new computing system compared to anything that has been done before, because we are trying to redesign the entire computing stack specifically for real-time pattern-matching applications.

“This work cuts across the whole range of expertise in electrical and computer engineering and computer science, starting from circuits and hardware all the way up to software programming, formal methods and applications.”

Treangen, an associate professor of computer science whose research focuses on computational and software monitoring methods for biological, medical and population-health phenomena, will help Yang and Mamouras figure out how to tailor the new processor model to applications in computational biology.

“I’m thrilled to have the opportunity to contribute to this exciting interdisciplinary project that will pursue real-time monitoring of physical and biological systems through software/hardware co-design,” Treangen said. “In particular, the need for innovative approaches for real-time monitoring of pathogen genomes has never been clearer. Our team is ready to push beyond conventional research horizons to meet this pressing need.”

The other $749,998, four-year grant to Mamouras and Yang supports the development of a programmable hardware monitor to enhance microchip security and prevent malfunction due to unintentional fabrication errors, intentional hardware backdoor or Trojan circuit modifications, or other physical attacks.

Mamouras, an assistant professor of computer science who is the principal investigator on the second grant, said that “the use of runtime monitors that can efficiently execute on programmable hardware can enhance security and reliability beyond what is feasible with traditional design-time verification and validation.”

“We are excited to pursue the co-design of a hardware-friendly specification language for runtime monitors and a specification-to-hardware compiler, which will be key technologies for achieving the goals of this project,” Mamouras said.

Yang said that instead of only looking for a specific, static pattern in the stream, the researchers will be looking for “signal patterns within computer chips structured by a causal, temporal logic.”

“It allows us to cover more suspicious behaviors with a simpler definition of the pattern,” Yang said. “Our goal is to realize the temporal logic-based pattern monitoring by exploring a novel formal specification language along with its specific, highly efficient and compact hardware implementations and software toolchains, making it possible to embed them into any chips that benefit from a runtime integrity and security check.”

The runtime monitor can be programmed to look for specific patterns, and chip manufacturing companies or vendors can upgrade the pattern they are searching for as they gain more knowledge about possible vulnerabilities or attacks.

“This does not completely fix the problem, because one cannot modify the raw hardware once it is fabricated,” Yang said. “But we can raise alarms when there’s a suspicious behavior, and we can prevent bigger consequences from this attack or malfunction.”