'Lionel MOREL' via llvm-dev
2017-Nov-14 14:38 UTC
[llvm-dev] Internship @ CEA Grenoble - France: Integrity and Confidentiality of Programs and Data for Embedded Systems
Dear all,

We are looking for an MSc intern to work on program and data confidentiality and integrity using LLVM and targeting the RISC-V architecture. The internship will take place in the CEA Center in Grenoble, at the heart of the French Alps. Position is from February 2018 on and will be filled as soon as possible.

The candidate should have a strong background in software design and compilation, and working knowledge about processor architecture. She/he should be at ease with software methodologies and technologies, including: C, C++, git, GNU/Linux. Prior experience of developments in LLVM is a plus.

Please see below for a full description. And contact damien.courousse at cea.fr and lionel.morel at cea.fr to apply.

Regards
LM

--
Lionel Morel
Research Engineer at CEA-LIST
DRT/LIST/DACLE/SCSN/LIALP
Laboratoire Infrastructures et Ateliers pour le Logiciel sur Puces
Commissariat à l’énergie atomique et aux énergies alternatives
MINATEC Campus | 17 rue des Martyrs | 38054 Grenoble Cedex 9
Tel : +33 (0)4 38 78 15 88
lionel.morel at cea.fr

Full Internship description :

Master's internship: Integrity and Confidentiality of Programs and Data for Embedded Systems
at : CEA Grenoble, FRANCE
contact: Damien.Courousse at cea.fr, Lionel.Morel at cea.fr
see online: http://www.cea.fr/emploi/Lists/Stages/StructuredDisplayForm.aspx?ID=114530

* Background

Physical attacks are the most efficient way to extract secret information or to bypass security protections on embedded systems. The attacker has the targeted platform in her hands, literally, so she can directly observe the circuit's behaviour [1] (otherwise called side-channel attacks), or she can perturb the system's functionality [2] (otherwise called fault-injection attacks).

The LIALP laboratory, which is part of the CEA in Grenoble, develops an LLVM-based compilation toolchain that automates the implementation of software counter-measures against physical attacks.
More precisely, we develop an original software platform that allows improving the robustness of embedded software against both fault-injection and side-channel attacks [3]. One of the embedded protections relies on code polymorphism: the shape of the secured code (in terms of the machine instructions being executed) regularly changes while the functional properties are not altered. The behavioral variability provided by this protection scheme drastically lessens the likelihood of success of side-channel attacks.

Another line of attack consists in extracting the code of the target platform and reverse-engineering it so as to identify the most effective attack paths. Furthermore, reverse-engineering also lets an attacker analyze the program's behavior. As such, it can be very useful for a competitor to gain valuable knowledge about the software solution deployed. To guarantee software confidentiality, encryption of the program contents can be performed, making it impossible to read the program content for whoever doesn't have the encryption key. The program's instructions then need to be decrypted on the fly, as they are executed by the processor. The LSOSP laboratory, also a part of the CEA, has developed a specialized processor architecture that is able to execute encrypted code without the code being exposed in clear in the system's main memory [4].

To sum up, on one hand, software encryption brings confidentiality, but the resulting program is still vulnerable to physical attacks. On the other hand, programs protected with code polymorphism are protected against physical attacks but not against reverse-engineering. The goal of this work is to combine both approaches to increase the system's security overall.

* Objectives: combining software encryption with code polymorphism

The objective of this internship is to set up a software solution that combines code polymorphism with software encryption, in order to protect programs against both physical attacks and reverse engineering. A preliminary study has already been performed, which shows that it is possible to combine effectively code polymorphism and code encryption: it will serve as a basis for this work.

In this project, we will target the RISC-V architecture [5]. This architecture, initially developed at the University of California, in Berkeley, establishes a free and open-source Instruction Set Architecture as well as several micro-architectural implementations. RISC-V is particularly adapted to constrained embedded systems (e.g. IoT) but it can also be used for more compute-hungry applications. It presently raises the interest of many developers and is supported by an increasingly large community. Many contributors both from the industry and academia propose processor implementations and tools around RISC-V, including backends for compilers like clang/LLVM and hardware simulation tools (e.g. Instruction Set Simulators, ISS).

The tasks carried out by the student will be:
- to familiarize with tools available for the RISC-V architecture, in particular compilers and ISSs;
- to set up the security solution proposed above;
- to experimentally validate the solution implemented. This will consist in both performance evaluation and security characterization.
- if time permits, to propose improvements on the implementation, in order to increase performance or enhance security.

* Candidate profile

The candidate should have a strong background in software design and compilation, and working knowledge about processor architecture. She/he should be at ease with software methodologies and technologies, including: C, C++, git, GNU/Linux. Prior experience of developments in LLVM is a plus.
The work is to be carried out in a multi-disciplinary context, so cross-disciplinary curiosity is a plus.

* Work environment

The candidate will be supervised in a high quality research environment that is developing innovative solutions at the intersection between software and hardware. Results of the internship shall be considered for publication in an international workshop or conference, if time permits. Financial support is provided for this internship position. Knowledge of French is not required.

* References

[1] https://en.wikipedia.org/wiki/Side-channel_attack
[2] https://en.wikipedia.org/wiki/Fault_injection
[3] D. Couroussé, T. Barry, B. Robisson, P. Jaillon, O. Potin, and J.-L. Lanet, “Runtime Code Polymorphism as a Protection Against Side Channel Attacks,” in 10th WISTP International Conference on Information Security Theory and Practice, 2016, pp. 136–152.
[4] T. Hiscock, O. Savry, and L. Goubin, “Lightweight Software Encryption for Embedded Processors,” in 2017 Euromicro Conference on Digital System Design (DSD), 2017, pp. 213–220.
[5] https://riscv.org/