From hacking computers to improving infrastructure security

News
11-02-2022
Kaveh Razavi is an assistant professor in the Department of Information Technology and Electrical Engineering at ETH Zurich and recently joined the NCCR Automation. With his research, he aims to improve the security of hardware components used in future infrastructure such as CPU or DRAM devices.

NCCR Automation: How did you first get interested in your field?

Kaveh Razavi: I wanted to know how to hack computers in the late 90s when I was a teenager. Very soon I realized that there are these magical pieces of code called “exploits” that hackers use to compromise computers remotely. There were lots of low-level programming and machine languages involved in building exploits that got me hooked pretty quickly. I am still hooked and a bit jealous of my students who do most of the action nowadays.

You came here in a very extraordinary moment in time. How did you experience the pandemic from a professional point of view and have you had difficulties starting under these difficult circumstances?

It was a bit complicated to relocate during the pandemic and it is a bit unfortunate that I have yet to meet some of my colleagues in person. But I also feel lucky with the significant support from ETH and people from my institute for establishing my new group during these uncertain times.

How did you end up at the NCCR, and what do you expect from it?

NCCR Automation is about making our future infrastructure smarter. Security is an important aspect of such an effort and I happened to be the new professor who is specialized in that subject. I expect the security efforts in the NCCR to lead to improved security in the devices that will be deployed in our infrastructure such as CPU and DRAM. I also have some hope that the newly-proposed solutions for automation consider security as part of their design rather than having it as an afterthought.

What do you mean by that?

The past couple of years have seen many new high-profile hardware security vulnerabilities. For example, last year we showed that all DRAM devices currently in production suffer from a security vulnerability that allows attackers to compromise systems. Such vulnerabilities are usually not easy to fix since it is difficult to change hardware after production, leaving systems exposed to attacks for extended periods of time. We have shown in the past that hackers can use these vulnerabilities to compromise computer systems in different settings, such as in the cloud, on mobile phones, in the browser and even remotely over the network.

What exactly are you doing in your project and what would you say is unique about it/your approach?

In our project, we are trying to address this problem by making the security analysis of hardware more scalable to find and fix many of these issues at once. We have had recent successes in this area, for example, by automatically generating access patterns that trigger bit flips inside DRAM devices. We are looking to take these approaches to the next level using a more guided search.

Why does the topic matter to you and what impacts do you think it might have on society?

I strongly believe that computer systems should not be coerced to do things their users did not intend them to do. For example, if the user browses a website, that website should not have access to the sensitive data that is not intended for that website. As a user of such systems, I care a lot about this basic rule. As we integrate computer systems deeper into our society and our infrastructure, this basic rule is becoming even more important. Therefore, with our project, we aim to make it harder to break into computers by providing tools and techniques that developers can use to build more secure computer systems.

What would you say is particularly challenging about the work that you do?

Two aspects of our work make it extra challenging: hardware design is almost always closed and companies that produce hardware do not disclose how exactly a piece of hardware works. This makes it extremely difficult for us to understand the security guarantees of hardware components. To be able to still do an independent security analysis for certain hardware components that are important and deployed everywhere (e.g., DRAM or CPU), we are forced to resort to reverse engineering, which is cumbersome and time-consuming.

The other aspect that makes our research challenging is its experimental nature. Some of our experiments can take weeks if not months due to their sheer scale. As an example, to be able to have a global view of certain problems, we need to repeat the same experiment with different parameters over a large set of devices. Sometimes we also need to repeat these experiments since we do not initially understand the properties that we are interested in due to the closed nature of hardware.

What opportunities does the NCCR offer that you might otherwise not have?

The research freedom that we have in the NCCR allows us to pursue topics that we think are most important, which I personally appreciate a lot. There are also collaboration opportunities due to the multidisciplinary nature of the NCCR. It would be interesting to see how some of the systems that will be developed as part of NCCR fare in more adversarial settings than they were perhaps originally intended for.

Could your work contribute to the “moon-shot project”? If so, how?

Perhaps. We can certainly use some of the analysis tools that we are building to “vet” some of the hardware components that are used in the moon-shot project. There may be other opportunities depending on how the moon-shot project develops.