Ed Suh thinks computer security should be hardwired.
Security has traditionally been viewed as a software problem, but Suh is looking at how computer architecture can enhance security. “We can put some basic security features in the hardware, rather than build it into the software,” he says.
Incorporating security features in the hardware provides two advantages, according to Suh. “First, you get higher security, because it’s more difficult to hack a tiny chip than an operating system; and second, you can usually do things much more efficiently compared to software, because you can do many different things simultaneously, in parallel.” he says, “So we thought, let’s put all the security features in the main processing chip.”
To prevent a malicious hacker from tapping into communications between components, Suh gives his processor the ability to encrypt all communication going out and to verify content it’s reading back later. “It’s got some virus protection features, too,” he says. “It can check the behavior of programs in very low-overhead way.”
With the proliferation of mobile devices and embedded systems, Suh says physical security—making a computer hard to get to—is not enough. “If the computer system controlling your car engine gets hacked, you can lose your life or safety,” he says.
Suh sees security at one end of a spectrum. “If you want to trust what’s going on in the system, it’s not only a security issue, it’s also reliability,” he says. “A bad guy hacker is just the worst case scenario.”
As computer components get smaller, they are more prone to random errors. And as chips get more complex, ensuring they perform correctly will become more and more difficult. “There will be 1 billion transistors on a chip soon. How do you verify these complex designs?” he asks. “Intel has as many engineers verifying design as it does designing chips.”
Suh has received a CAREER Grant from the National Science Foundation to address all of these problems in multi-core processors. “I’m applying what I’ve learned from security architecture to create a unified version in hardware,” he says. “In a multi-core processor we can use part of one core to verify correctness guarantees.”
With so much of his attention on computer security, it’s not surprising that Suh sometimes gets a little nervous about his own. “Some bad things can actually happen when you’re surfing the Web,” he says. “I guess you get a little bit paranoid.”
Prof. Suh's Web page
