Penn Logo
Vertical Line

Implementation of Computation Group

Divider Divider Divider Divider Divider


Given the evidence to date, how reasonable is it to assume that every line of code (LoC) in a multi-million LoC (operating system, application) is correct? free of safety and security bugs?
[Hint: studies repeatedly show the rate of errors in programs is above 1 per 1000 LoC.]

How can we build foundational security into our hardware and software system architectures?

How can we build computing systems that operate securely (or, at least, well enough), despite these inevitable flaws in their basic components?

Examples from our recent work include:

  • Architectural Support for Software-Defined Metadata Processing (ASPLOS 2015) -- how to add hardware that enforce post-fabrication programmable safety and security policies to a conventional RISC processor. [Abstract and Paper Link]
  • Automated Least-Privilege Analysis (μSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts) (RAID 2021) -- how much excess privilege is the operating running with, and how we can automatically reduce it by orders of magnitude? [Paper Link]
  • SCALPEL: Exploring the Limits of Tag-enforced Compartmentalization (ACM JETC 2022) -- how to realize automated privilege restriction with tags [Abstract and Paper Link]
  • Protecting the Stack with Metadata Policies and Tagged Hardware (IEEE S&P (Oakland) 2018) -- SDMP policies to enforce stack protection policies [Abstract and Paper Link]
  • DOVER: a Metadata-extended RISC-V (RISC-V Workshop, January 2016) -- how to integrate tagged support into RISC-V [Slides]
  • The DOVER Edge (RISC-V Workshop, July 2016) -- how to protect I/O and DMA as well [Slides]
  • Hardware Support for Safety Interlocks and Introspection (SASO AHNS Workshop 2012) -- how hardware can guard against gross security and safety errors in programs. [Abstract and Paper Link]
  • Low-Fat Pointers: Compact Encoding and Efficient Gate-Level Implementation of Fat Pointers for Spatial Safety and Capability-based Security (CCS 2013) -- how hardware can protect against spatial saftey violations. [Abstract and Paper Link]
  • A Verified Information-Flow Architecture. (POPL 2014) -- verifiable underpinnings of tagged information flow; informed early tagged processor design. [Abstract and Paper Link]
  • The Dover Inherently Secure Processor (IEEE HST 2017) -- variant on microarchitecture for tagged protection [Abstract and Paper Link]
  • DeepMatch: Practical Deep Packet Inspection in the Data Plane using Network Processors. (CoNEXT 2020) -- how to use modern smarNICs to perform payload processing [Abstract and Paper Link]
  • RotoRouter: Router Support for Endpoint-Authorized Decentralized Traffic Filtering to Prevent DoS Attacks. (ICFPT 2014) -- how to get the routing network to collaborate in avoiding denial of service or other unwanted traffic. [Abstract and Paper Link]

Divider Divider Divider Divider Divider
Room# 315, 200 South 33rd Street, Electrical and Systems Engineering Department, Philadelphia , University of Pennsylvania, PA 19104.