@article { , title = {Attacking and Protecting Data Privacy in Edge-Cloud Collaborative Inference Systems}, journal = {IEEE Internet of Things Journal}, year = {2021}, author = {Zecheng He and Tianwei Zhang and Ruby B. Lee} } @conference { , title = {New models for understanding and reasoning about speculative execution attacks}, year = {2021}, author = {Zecheng He and Guangyuan Hu and Ruby B. Lee} } @conference { , title = {Actionbert: leveraging user actions for semantic understanding of user interfaces}, year = {2021}, author = {Zecheng He and Srinivas Sunkara and Xiaoxue Zang and Ying Xu and Lijuan Liu and Nevan Wichers and Gabriel Schubiner and Ruby B. Lee and Jindong Chen} } @conference { , title = {Sensitive-sample Fingerprinting of Deep Neural Networks}, year = {2019}, month = {15/06/2019}, publisher = {IEEE}, author = {Zecheng He and Tianwei Zhang and Ruby Lee} } @conference { , title = {Model Inversion Attacks Against Collaborative Inference}, year = {2019}, month = {12/09/2019}, publisher = {ACM}, author = {Zecheng He and Tianwei Zhang and Ruby Lee} } @conference { , title = {Power-Grid Controller Anomaly Detection with Enhanced Temporal Deep Learning}, year = {2019}, month = {05/08/2019}, author = {Zecheng He and Raghavan Aswin and Guangyuan Hu and Sek Chai and Ruby B. Lee} } @conference { , title = {Machine Learning Based DDoS Attack Detection from Source Side in Cloud}, year = {2017}, month = {June 2017}, publisher = {IEEE}, address = {New York}, author = {Zecheng He and Tianwei Zhang and Ruby B. Lee} } @conference { , title = {How secure is your cache against side-channel attacks?}, year = {2017}, month = {Oct 2017}, publisher = {ACM}, address = {Boston, Massachusetts, USA}, author = {Zecheng He and Ruby B. Lee} } @conference { , title = {A Novel Cache Architecture with Enhanced Performance and Security}, year = {2008}, month = {December 2008}, pages = {88-93}, author = {Zhenghong Wang and Ruby B. 
Lee} } @article { , title = {Alternative application-specific processor architectures for fast arbitrary bit permutations}, journal = {International Journal of Embedded Systems}, volume = {3}, year = {2008}, pages = {219-228}, author = {Zhijie Jerry Shi and Xiao Yang and Ruby B. Lee} } @conference { , title = {Record-Replay Architecture as a General Security Framework}, year = {2018}, month = {24/02/2018}, publisher = {IEEE}, address = {Vienna, Austria}, author = {Yasser Shalabi;Mengjia Yan;Nima Honarmand;Ruby B. Lee;Josep Torrellas} } @conference { , title = {Mapping the Intel Last-Level Cache}, year = {2015}, author = {Yuval Yarom;Qian Ge;Fangfei Liu;Ruby B. Lee;Gernot Heiser} } @conference { , title = {A Software-Hardware Architecture for Self-Protecting Data}, year = {2012}, month = {October 16-18}, address = {Raleigh, NC, USA}, abstract = {We propose a software-hardware architecture, DataSafe, that realizes the concept of self-protecting data: data that is protected by a given policy whenever it is accessed by any application -- including unvetted third-party applications. Our architecture provides dynamic instantiations of secure data compartments (SDCs), with hardware monitoring of the information flows from the compartment using hardware policy tags associated with the data at runtime. Unbypassable hardware output control prevents confidential information from being leaked out. Unlike previous hardware information flow tracking systems, DataSafe software architecture bridges the semantic gap by supporting flexible, high-level software policies for the data, seamlessly translating these policies to efficient hardware tags at runtime. Applications need not be modified to interface to these software-hardware mechanisms. 
DataSafe architecture is designed to prevent illegitimate secondary dissemination of protected plaintext data by authorized recipients, to track and protect data derived from sensitive data, and to provide lifetime enforcement of the confidentiality policies associated with the sensitive data.}, keywords = {information flow tracking, self-protecting data, architecture}, author = {Yu-Yuan Chen and Pramod A. Jamkhedkar and Ruby B. Lee} } @article { , title = {DataMoat: Architectural Support for Self-Protecting Data}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2011-002 (updated June 1, 2011)}, year = {2011}, month = {Feb. 10, 2011}, author = {Yu-Yuan Chen and Ruby B. Lee} } @article { , title = {Running Untrusted Applications on Sensitive Data}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2011-007}, year = {2011}, month = {Nov. 16, 2011}, author = {Yu-Yuan Chen and Pramod Jamkhedkar and Ruby B. Lee} } @article { , title = {Making Security Validation as Easy as Performance Evaluation}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2009-005}, year = {2009}, month = {November 2009}, author = {Yu-Yuan Chen and Jeffrey S. Dwoskin and Mahadevan Gomathisankaran and Ruby B. Lee} } @article { , title = {Fast Bit Gather, Bit Scatter and Bit Permutation Instructions for Commodity Microprocessors}, journal = {Journal of Signal Processing Systems}, volume = {53}, year = {2008}, month = {11/2008}, pages = {145-169}, publisher = {Springer New York}, author = {Yedidya Hilewitz and Ruby B. Lee} } @conference { , title = {Bit Matrix Multiplication in Commodity Processors}, year = {2008}, month = {July 2008}, author = {Yedidya Hilewitz and Cédric Lauradoux and Ruby B. 
Lee} } @article { , title = {SP-PAX: Hardware implementation of SP module with PAX cryptoprocessor}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-006}, year = {2008}, month = {April 2008}, URL = {http://palms.princeton.edu/system/files/SP-PAX_1.8.pdf}, author = {Yu-Yuan Chen and Ruby B. Lee} } @conference { , title = {Exploration and Evaluation of PLX Floating-point Instructions and Implementations for 3D Graphics}, year = {2004}, month = {Nov. 2004}, pages = {1873-1878}, address = {Pacific Grove, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/asilomar2004-final-with-ref.pdf}, author = {Yang, Xiao and Valia, Shamik and Schulte, Michael and Lee, Ruby B.} } @conference { , title = {PLX FP: An Efficient Floating-Point Instruction Set for 3D Graphics}, year = {2004}, month = {June 2004}, pages = {137-140}, address = {Taipei, Taiwan}, URL = {http://palms.ee.princeton.edu/PALMSopen/yang04plx.pdf}, author = {Yang, Xiao and Lee, Ruby B.} } @conference { , title = {Fast Subword Permutation Instructions Using Omega and Flip Network Stages}, year = {2000}, month = {Sept. 2000}, pages = {15-22}, address = {Austin, Texas, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/yang00fast-2.pdf}, author = {Yang, Xiao and Lee, Ruby B.} } @conference { , title = {Fast Subword Permutation Instructions Based on Butterfly Networks}, year = {2000}, month = {Jan. 
2000}, pages = {80-86}, address = {San Jose, California}, URL = {http://palms.ee.princeton.edu/PALMSopen/yang00fast.pdf}, author = {Yang, Xiao and Vachharajani, Manish and Lee, Ruby B.} } @conference { , title = {Re-examining Probabilistic Versus Deterministic Key Management}, year = {2007}, month = {June 2007}, pages = {2586-2590}, address = {Nice, France}, abstract = {It is widely believed that although being more complex, a probabilistic key predistribution scheme is much more resilient against node capture than a deterministic one in lightweight wireless ad hoc networks. Backed up by the surprisingly large successful attack probabilities computed in this paper, we show that the probabilistic approaches have only limited performance advantages over deterministic approaches. We first consider a static network scenario as originally considered in the seminal paper by Eschenauer and Gligor [1], where any node capture happens after the establishment of all pairwise links, and show that the deterministic approach can achieve a performance as good as the probabilistic one. Furthermore in a mobile network, the probabilistic key management as described in [1] can lead to a successful attack probability of one order of magnitude larger than the one in a static network.}, author = {Xu, Dahai and Huang, Jianwei and Dwoskin, Jeffrey and Chiang, Mung and Lee, Ruby B.} } @conference { , title = {Adding 3D Graphics Support for PLX}, year = {2003}, month = {Aug. 
2003}, pages = {40-44}, address = {Newark, New Jersey, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/yang03adding.pdf}, author = {Xiao Yang, Ruby Lee} } @conference { , title = {Inferring Smartphone Users' Handwritten Patterns by Using Motion Sensors (Best Paper Award)}, year = {2018}, month = {22/01/2018}, address = {Funchal, Madeira, Portugal}, abstract = {Mobile devices including smartphones and wearable devices are increasingly gaining popularity as platforms for collecting and sharing sensor data, such as the accelerometer, gyroscope, and rotation sensor. These sensors are used to improve the convenience of smartphone users, e.g., supporting the mobile UI motion-based commands. Although these motion sensors do not require users' permissions, they still bring potential risks of leaking users' private information reflected by the changes of sensor readings. In this paper, we investigate the feasibility of inferring a user's handwritten pattern on a smartphone touchscreen by using the embedded motion sensors. Specifically, our inference attack is composed of two key steps where we 1) first exploit the dynamic time warping (DTW) technique to differentiate any pair of time-series sensor recordings corresponding to different handwritten patterns; and 2) develop a novel sensor fusion mechanism to integrate information contained in multiple motion sensors by exploiting the majority voting strategy. Through extensive experiments using real-world data sets, we demonstrate the effectiveness of our proposed attack which can achieve 91.4% accuracy for inferring smartphone users' handwritten patterns.}, author = {Wei-han Lee;Jorge Ortiz;Bongjun Ko;Ruby B. Lee} } @conference { , title = {Quantification of De-anonymization Risks in Social Networks}, year = {2017}, month = {19/02/2017}, address = {Porto}, abstract = {The risks of publishing privacy-sensitive data have received considerable attention recently. 
Several deanonymization attacks have been proposed to re-identify individuals even if data anonymization techniques were applied. However, there is no theoretical quantification for relating the data utility that is preserved by the anonymization techniques and the data vulnerability against de-anonymization attacks. In this paper, we theoretically analyze the de-anonymization attacks and provide conditions on the utility of the anonymized data (denoted by anonymized utility) to achieve successful de-anonymization. To the best of our knowledge, this is the first work on quantifying the relationships between anonymized utility and de-anonymization capability. Unlike previous work, our quantification analysis requires no assumptions about the graph model, thus providing a general theoretical guide for developing practical deanonymization/anonymization techniques. Furthermore, we evaluate state-of-the-art de-anonymization attacks on a real-world Facebook dataset to show the limitations of previous work. By comparing these experimental results and the theoretically achievable de-anonymization capability derived in our analysis, we further demonstrate the ineffectiveness of previous de-anonymization attacks and the potential of more powerful de-anonymization attacks in the future. }, keywords = {Structure-based de-anonymization attacks; anonymization utility; de-anonymization capability; theoretical bounds}, author = {Wei-Han Lee and Changchang Liu and Shouling Ji and Prateek Mittal and Ruby Lee} } @conference { , title = {Secure Pick Up: Implicit Authentication When You Start Using the Smartphone}, year = {2017}, month = {06/21/2017}, address = {Indianapolis}, abstract = {We propose Secure Pick Up (SPU), a convenient, lightweight, in-device, non-intrusive and automatic-learning system for smartphone user authentication. Operating in the background, our system implicitly observes users' 
phone pick-up movements, the way they bend their arms when they pick up a smartphone to interact with the device, to authenticate the users. Our SPU outperforms the state-of-the-art implicit authentication mechanisms in three main aspects: 1) SPU automatically learns the user's behavioral pattern without requiring a large amount of training data (especially those of other users) as previous methods did, making it more deployable. Towards this end, we propose a weighted multi-dimensional Dynamic Time Warping (DTW) algorithm to effectively quantify similarities between users' pick-up movements; 2) SPU does not rely on a remote server for providing further computational power, making SPU efficient and usable even without network access; and 3) our system can adaptively update a user's authentication model to accommodate user's behavioral drift over time with negligible overhead. Through extensive experiments on real world datasets, we demonstrate that SPU can achieve authentication accuracy up to 96.3% with a very low latency of 2.4 milliseconds. It reduces the number of times a user has to do explicit authentication by 32.9%, while effectively defending against various attacks. }, keywords = {Authentication, Security, Privacy, Machine Learning, Smartphone, Dynamic Time Warping, Mobile System}, author = {Wei-Han Lee and Xiaochen Liu and Yilin Shen and Hongxia Jin and Ruby Lee} } @conference { , title = {Implicit Smartphone User Authentication with Sensors and Contextual Machine Learning}, year = {2017}, month = {06/26/2017}, address = {Denver}, abstract = {Authentication of smartphone users is important because a lot of sensitive data is stored in the smartphone and the smartphone is also used to access various cloud data and services. However, smartphones are easily stolen or co-opted by an attacker. Beyond the initial login, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data. 
Hence, this paper proposes a novel authentication system for implicit, continuous authentication of the smartphone user based on behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We propose novel context-based authentication models to differentiate the legitimate smartphone owner versus other users. We systematically show how to achieve high authentication accuracy with different design alternatives in sensor and feature selection, machine learning techniques, context detection and multiple devices. Our system can achieve excellent authentication performance with 98.1% accuracy with negligible system overhead and less than 2.4% battery consumption.}, author = {Wei-Han Lee and Ruby Lee} } @conference { , title = {Blind De-anonymization Attacks using Social Networks}, year = {2017}, month = {30/10/2017}, publisher = {ACM}, address = {Dallas}, abstract = {It is important to study the risks of publishing privacy-sensitive data. Even if sensitive identities (e.g., name, social security number) were removed and advanced data perturbation techniques were applied, several de-anonymization attacks have been proposed to re-identify individuals. However, existing attacks have some limitations: 1) they are limited in de-anonymization accuracy; 2) they require prior seed knowledge and suffer from the imprecision of such seed information. We propose a novel structure-based de-anonymization attack, which does not require the attacker to have prior information (e.g., seeds). Our attack is based on two key insights: using multi-hop neighborhood information, and optimizing the process of de-anonymization by exploiting enhanced machine learning techniques. The experimental results demonstrate that our method is robust to data perturbations and significantly outperforms the state-of-the-art de-anonymization techniques by up to 10x improvement.}, author = {Wei-Han Lee;Changchang Liu;Shouling Ji;Prateek Mittal;Ruby B. 
Lee} } @article { , title = {How to Quantify Graph De-anonymization Risks}, journal = {Springer Information Systems Security and Privacy}, year = {2017}, publisher = {Springer}, author = {Wei-Han Lee;Changchang Liu;Shouling Ji;Prateek Mittal;Ruby B. Lee} } @conference { , title = {Implicit Sensor-based Authentication of Smartphone Users with Smartwatch}, year = {2016}, month = {June 2016}, abstract = {Smartphones are now frequently used by end-users as the portals to cloud-based services, and smartphones are easily stolen or co-opted by an attacker. Beyond the initial log-in mechanism, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data, whether in the cloud or in the smartphone. But attackers who have gained access to a logged-in smartphone have no incentive to re-authenticate, so this must be done in an automatic, non-bypassable way. Hence, this paper proposes a novel authentication system, iAuth, for implicit, continuous authentication of the end-user based on his or her behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We design a system that gives accurate authentication using machine learning and sensor data from multiple mobile devices. Our system can achieve 92.1% authentication accuracy with negligible system overhead and less than 2% battery consumption.}, author = {Wei-Han Lee and Ruby B. Lee} } @conference { , title = {Multi-sensor authentication to improve smartphone security}, year = {2015}, month = {February 2015}, abstract = {The widespread use of smartphones gives rise to new security and privacy concerns. Smartphone thefts account for the largest percentage of thefts in recent crime statistics. Using a victim's smartphone, the attacker can launch impersonation attacks, which threaten the security of the victim and other users in the network. 
Our threat model includes the attacker taking over the phone after the user has logged on with his password or pin. Our goal is to design a mechanism for smartphones to better authenticate the current user, continuously and implicitly, and raise alerts when necessary. In this paper, we propose a multi-sensors-based system to achieve continuous and implicit authentication for smartphone users. The system continuously learns the owner's behavior patterns and environment characteristics, and then authenticates the current user without interrupting user-smartphone interactions. Our method can adaptively update a user's model considering the temporal change of user's patterns. Experimental results show that our method is efficient, requiring less than 10 seconds to train the model and 20 seconds to detect the abnormal user, while achieving high accuracy (more than 90%). Also the combination of more sensors provide better accuracy. Furthermore, our method enables adjusting the security level by changing the sampling rate.}, author = {Wei-Han Lee;Ruby B. Lee} } @article { , title = {Implicit Authentication for Smartphone Security}, journal = {Information Systems Security and Privacy}, volume = {576}, year = {2015}, pages = {160-176}, publisher = {Springer}, abstract = {Common authentication methods based on passwords, or fingerprints in smartphones, depend on user participation. They do not protect against the threat of an attacker getting hold of the phone after the user has been authenticated. Using a victim's smartphone, the attacker can launch impersonation attacks, which threaten the data that can be accessed from the smartphone and also the security of other users in the network. In this paper, we propose an implicit authentication method using the sensors already built into smartphones. We utilize machine learning algorithms for smartphones to continuously and implicitly authenticate the current user. 
We compare two typical machine learning methods, SVM and KRR, for authenticating the user. We show that our method achieves high performance (more than 90 % authentication accuracy) and high efficiency. Our method needs less than 10 s to train the model and 20 s to detect an abnormal user. We also show that the combination of more sensors provides better accuracy. Furthermore, our method enables adjusting the security level by changing the sampling rate.}, author = {Wei-Han Lee;Ruby B. Lee} } @article { , title = {Design of Short Ring Oscillator-Based True Random Number Generator on FPGA Platform}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2011-006 (updated Dec. 8, 2011)}, year = {2011}, month = {Sept. 20, 2011}, author = {Wei Zhang and Jakub M. Szefer and Yu-Yuan Chen and Chiwai Yu and Will X.Y. Li and Ray C.C. Cheung and Ruby B. Lee} } @article { , title = {A Secure yet High Performance Cache Architecture}, year = {2007}, month = {November 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-012}, author = {Wang, Zhenghong and Lee, Ruby B.} } @conference { , title = {Mutual Anonymous Communications: A New Covert Channel Based on Splitting Tree MAC}, year = {2007}, month = {May 6-12, 2007}, pages = {2531-2535}, abstract = {Known covert channel based on splitting algorithms in Medium Access Control (MAC) protocols requires the receiver's knowledge of the sender's identity. In this paper we present a new covert channel that does not have this restriction. In such a channel, multiple senders may operate independently without knowing each other, and the receiver can learn the transmitted information without knowing the identity of any covert sender a priori. These properties make the channel robust to malfunctioning senders, and more importantly help protect the secrecy of senders' identity which is essential for covert communications. 
We also analyze the capacity of our proposed covert channel.}, author = {Wang, Zhenghong and Deng, Jing and Lee, Ruby B.} } @conference { , title = {New Cache Designs for Thwarting Software Cache-based Side Channel Attacks}, year = {2007}, month = {June 2007}, pages = {494 - 505}, address = {San Diego, CA}, abstract = {Software cache-based side channel attacks are a serious new class of threats for computers. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side channel attacks can also undermine general purpose systems. The attacks are easy to perform, effective on most platforms, and do not require special instruments or excessive computation power. In recently demonstrated attacks on software implementations of ciphers like AES and RSA, the full key can be recovered by an unprivileged user program performing simple timing measurements based on cache misses.

We first analyze these attacks, identifying cache interference as the root cause of these attacks. We identify two basic mitigation approaches: the partition-based approach eliminates cache interference whereas the randomization-based approach randomizes cache interference so that zero information can be inferred. We present new security-aware cache designs, the Partition-Locked cache (PLcache) and Random Permutation cache (RPcache), analyze and prove their security, and evaluate their performance. Our results show that our new cache designs with built-in security can defend against cache-based side channel attacks in general -- rather than only specific attacks on a given cryptographic algorithm -- with very little performance degradation and hardware cost.}, author = {Wang, Zhenghong and Lee, Ruby B.} } @conference { , title = {Architecture for a Non-Copyable Disk (NCdisk) Using a Secret-Protection (SP) SoC Solution}, year = {2007}, month = {11/04/2007}, pages = {1999-2003}, address = {Pacific Grove, CA, USA}, abstract = {Piracy of copyrighted digital contents, such as movies and music is rampant in cyberspace. A piece of digital material may be repeatedly copied and proliferated throughout the Internet with ease. We examined both software and hardware vulnerabilities in existing digital copy-protection methods. As a result, we propose a non-copyable disk (NCdisk) that makes it significantly harder for digital contents to be copied. Any digital content written onto the NCdisk can only be read through a predefined set of outputs of the NCdisk, and the original plaintext digital form may never be read out of the NCdisk. We add a minimal set of components based on the secret-protection (SP) architecture to the existing disk's SoC chipset to attribute the disk with the non-copyable property. 
We further present the security protocol to be used along with the NCdisk to provide a copy-protected digital movie download scenario.}, keywords = {copyright, data privacy, system-on-chip}, URL = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4487587}, author = {Wang, Michael and Lee, Ruby B.} } @conference { , title = {Covert and Side Channels due to Processor Architecture}, year = {2006}, month = {December 2006}, pages = {473-482}, abstract = {Information leakage through covert channels and side channels is becoming a serious problem, especially when these are enhanced by modern processor architecture features. We show how processor architecture features such as simultaneous multithreading, control speculation and shared caches can inadvertently accelerate such covert channels or enable new covert channels and side channels. We first illustrate the reality and severity of this problem by describing concrete attacks. We identify two new covert channels. We show orders of magnitude increases in covert channel capacities. We then present two solutions, Selective Partitioning and the novel Random Permutation Cache (RPCache). 
The RPCache can thwart most cache-based software side channel attacks, with minimal hardware costs and negligible performance impact.}, keywords = {side channel attack, covert channel, cache, processor architecture}, URL = {http://www.acsac.org/2006/papers/127.pdf}, author = {Wang, Zhenghong and Lee, Ruby B.} } @conference { , title = {New Constructive Approach to Covert Channel Modeling and Channel Capacity Estimation}, year = {2005}, month = {September 2005}, pages = {498-505}, address = {Singapore}, URL = {http://palms.ee.princeton.edu/PALMSopen/ISC05_w_cit.pdf}, author = {Wang, Zhenghong and Lee, Ruby B.} } @conference { , title = {Capacity Estimation of Non-Synchronous Covert Channels}, year = {2005}, month = {June 6-9, 2005}, pages = {170-176}, address = {Columbus, OH, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/SDCS05_w_cit.pdf}, author = {Wang, Zhenghong and Lee, Ruby B.} } @conference { , title = {Micro-Architecture Issues of Predicated Execution}, year = {2003}, month = {Nov. 2003}, pages = {349-354}, address = {Pacific Grove, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/withRef.pdf}, author = {Wang, Zhenghong and Lee, Ruby B.} } @article { , title = {Design, Implementation and Verification of Cloud Architecture for Monitoring a Virtual Machine's Security Health}, journal = {IEEE Transactions on Computers}, volume = {67}, year = {2018}, month = {06/2018}, publisher = {IEEE}, author = {Tianwei Zhang and Ruby B. Lee} } @conference { , title = {DoS Attacks on Your Memory in the Cloud}, year = {2017}, month = {April, 2017}, address = {Abu Dhabi}, abstract = {In cloud computing, network Denial of Service (DoS) attacks are well studied and defenses have been implemented, but severe DoS attacks on a victim's working memory by a single hostile VM are not well understood. Memory DoS attacks are Denial of Service (or Degradation of Service) attacks caused by contention for hardware memory resources on a cloud server. 
Despite the strong memory isolation techniques for virtual machines (VMs) enforced by the software virtualization layer in cloud servers, the underlying hardware memory layers are still shared by the VMs and can be exploited by a clever attacker in a hostile VM co-located on the same server as the victim VM, denying the victim the working memory he needs. We first show quantitatively the severity of contention on different memory resources. We then show that a malicious cloud customer can mount low-cost attacks to cause severe performance degradation for a Hadoop distributed application, and 38× delay in response time for an E-commerce website in the Amazon EC2 cloud. Then, we design an effective, new defense against these memory DoS attacks, using a statistical metric to detect their existence and execution throttling to mitigate the attack damage. We achieve this by a novel re-purposing of existing hardware performance counters and duty cycle modulation for security, rather than for improving performance or power consumption. We implement a full prototype on the OpenStack cloud system. Our evaluations show that this defense system can effectively defeat memory DoS attacks with negligible performance overhead.}, author = {Tianwei Zhang and Yinqian Zhang and Ruby B. Lee} } @conference { , title = {Host-based DoS Attacks and Defense in the Cloud}, year = {2017}, month = {June, 2017}, abstract = {We explore host-based DoS attacks, which exploit the shared computing resources in a multi-tenant cloud server to compromise the server's resource availability. We first present a set of attack techniques targeting different types of resources. We show such attacks can significantly affect the performance of co-located VMs, as well as the cloud provider's management services. Then we propose an attack strategy to compromise the availability of the entire datacenter. We show how power-aware optimization techniques can help the attacker achieve his goal faster, with low cost. 
We design an effective general-purpose method to defeat memory, network and disk DoS attacks. We use a statistical method to detect changes in the usage of different resources. Once an attack happens, we use resource throttling techniques to identify and thwart the malicious VMs. Our evaluation shows that this defense method can effectively defeat these DoS attacks with negligible performance overhead. We alert the computer architecture community to these catastrophic attacks on the availability of cloud computing resources, to encourage building in better defenses at both the hardware and software levels.}, author = {Tianwei Zhang and Ruby B. Lee} } @conference { , title = {CloudShelter: Protecting Virtual Machines' Memory Resource Availability in Cloud Computing}, year = {2017}, month = {05/11/2017}, publisher = {IEEE}, address = {Boston}, author = {Tianwei Zhang;Yuan Xu;Yungang Bao;Ruby B. Lee} } @conference { , title = {CloudRadar: A Real-time Side-channel Attack Detection System in Clouds}, year = {2016}, month = {September 2016}, abstract = {We present CloudRadar, a system to detect, and hence mitigate, cache-based side-channel attacks in multi-tenant cloud systems. CloudRadar operates by correlating two events: first, it exploits signature-based detection to identify when the protected virtual machine (VM) executes a cryptographic application; at the same time, it uses anomaly-based detection techniques to monitor the co-located VMs to identify abnormal cache behaviors that are typical during cache-based side-channel attacks. We show that correlation in the occurrence of these two events offer strong evidence of side-channel attacks. Compared to other work on side-channel defenses, CloudRadar has the following advantages: first, CloudRadar focuses on the root causes of cache-based side-channel attacks and hence is hard to evade using metamorphic attack code, while maintaining a low false positive rate. 
Second, CloudRadar is designed as a lightweight patch to existing cloud systems, which does not require new hardware support, or any hypervisor, operating system, application modifications. Third, CloudRadar provides real-time protection and can detect side-channel attacks within the order of milliseconds. We demonstrate a prototype implementation of CloudRadar in the OpenStack cloud framework. Our evaluation suggests CloudRadar achieves negligible performance overhead with high detection accuracy.}, author = {Tianwei Zhang and Yinqian Zhang and Ruby B. Lee} } @article { , title = {Monitoring and Attestation of Virtual Machine Security Health in Cloud Computing}, journal = {IEEE Micro Special Issues on Security}, volume = {36}, year = {2016}, month = {Sept/Oct 2016}, abstract = {Abstract: Cloud customers need assurances regarding the security of their virtual machines (VMs) operating within an infrastructure-as-a-service cloud system. This is complicated by the customer not knowing where the VM is executing and by the semantic gap between what the customer wants to know versus what can be measured in the cloud. In this article, the authors present an architecture for monitoring a VM's security health. Their architecture can communicate this to the customer in an unforgeable manner. The authors show a concrete implementation of property-based attestation and a full prototype based on the OpenStack open source cloud software.}, author = {Tianwei Zhang and Ruby B. Lee} } @conference { , title = {CloudMonatt: an Architecture for Security Health Monitoring and Attestation of Virtual Machines in Cloud Computing}, year = {2015}, month = {June 2015}, pages = {362-274}, address = {Portland}, author = {Tianwei Zhang;Ruby B. Lee} } @conference { , title = {New Models of Cache Architectures Characterizing Information Leakage from Cache Side}, year = {2014}, pages = {96-105}, address = {December 2014}, author = {Tianwei Zhang;Ruby B. 
Lee} } @conference { , title = {Side Channel Vulnerability Metrics: the Promise and the Pitfalls}, year = {2013}, month = {June 24, 2013}, author = {Tianwei Zhang and Si Chen and Fangfei Liu and Ruby B. Lee} } @conference { , title = {Security Verification of Hardware-enabled Attestation Protocols}, year = {2012}, month = {December 2012}, author = {Tianwei Zhang and Jakub Szefer and Ruby B. Lee} } @article { , title = {Stability and benefits of suboptimal utility maximization}, journal = {IEEE/ACM Transactions on Networking}, volume = {19}, year = {2011}, abstract = {Network utility maximization has been widely used to model resource allocation and network architectures. However, in practice, often it cannot be solved optimally due to complexity reasons. Thus motivated, we address the following two questions in this paper: 1) Can suboptimal utility maximization maintain queue stability? 2) Can underoptimization of utility objective function in fact benefit other network design objectives? We quantify the following intuition: A resource allocation that is suboptimal with respect to a utility maximization formulation maintains maximum flow-level stability when the utility gap is sufficiently small and information delay is bounded, and it can still provide a guaranteed size of stability region otherwise. Utility-suboptimal rate allocation can also enhance other network performance metrics, e.g., it may reduce link saturation. These results provide a theoretical support for turning attention from optimal but complex solutions of network optimization to those that are simple even though suboptimal.}, author = {Tian Lan and Xiaojun Lin and Mung Chiang and Ruby B. 
Lee} } @conference { , title = {Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture}, year = {2009}, month = {April 2009}, pages = {133-156}, address = {Oxford, U.K.}, abstract = {During many crises, access to sensitive emergency-support information is required to save lives and property. For example, for effective evacuations first responders need the names and addresses of non-ambulatory residents. Yet, currently, access to such information may not be possible because government policy makers and third-party data providers lack confidence that today's IT systems will protect their data. Our approach to the management of emergency information provides first responders with temporary, transient access to sensitive information, and ensures that the information is revoked after the emergency. The following contributions are presented: a systematic analysis of the basic forms of trusted communication supported by the architecture; a comprehensive method for secure, distributed emergency state management; a method to allow a userspace application to securely display data; a multifaceted system analysis of the confinement of emergency information and the secure and complete revocation of access to that information at the closure of an emergency.}, author = {Timothy Levin and Jeffrey Dwoskin and Ganesha Bhaskara and Thuy Nguyen and Paul Clark and Ruby B. Lee and Cynthia Irvine and Terry Benzel} } @conference { , title = {Multi-path Key Establishment Against REM Attacks in Wireless Ad Hoc Networks}, year = {2009}, note = {Best Paper Award}, month = {Nov/Dec 2009}, address = {Honolulu, Hawaii, USA}, abstract = {Secure communications in wireless ad hoc networks require setting up end-to-end secret keys for communicating node pairs. Due to physical limitations and scalability requirements, full key-connectivity can not be achieved by key pre-distribution.
In this paper, we develop an analytical framework for the on-demand key establishment approach. We propose a novel security metric, called REM resilience vector to quantify the resilience of any key establishment schemes against Revealing, Erasure, and Modification (REM) attacks. Our analysis shows that previous key establishment schemes are vulnerable under REM attacks. Relying on the new security metric, we prove a universal bound on achievable REM resilience vectors for any ondemand key establishment scheme. This bound that characterizes the optimal security performance analytically is shown to be tight, as we propose a REM-resilient key establishment scheme which achieves any vector within this bound. In addition, we develop a class of low complexity key establishment schemes which achieve nearly-optimal REM-attack resilience.}, author = {Tian Lan and Ruby B. Lee and Mung Chiang} } @conference { , title = {How Bad is Suboptimal Rate Allocation?}, year = {2008}, month = {April 13-18 2008}, pages = {951-959}, author = {Tian Lan and Xiaojun Lin and Mung Chiang and Ruby B. Lee} } @article { , title = {Stability and Benefits of Suboptimal Utility Maximization}, journal = {submitted to IEEE Transactions on Networking}, year = {2008}, month = {Nov. 4}, author = {Tian Lan and Xiaojun Lin and Mung Chiang and Ruby B. Lee} } @article { , title = {Multi-path Key Establishment under Byzantine Attacks in Wireless Ad Hoc Networks}, year = {2008}, note = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-018}, author = {Tian Lan and Ruby B. Lee and Mung Chiang} } @article { , title = {Reliable and Secure Distributed Storage of Critical Information}, year = {2008}, note = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-017,}, author = {Tian Lan and Ruby B. 
Lee and Mung Chiang} } @conference { , title = {Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures}, year = {2004}, month = {Sept. 2004}, pages = {543-550}, address = {San Francisco, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/DDoS%20Final%20PDCS%20Paper.pdf}, author = {Specht, Stephen and Lee, Ruby B.} } @conference { , title = {Implementation Complexity of Bit Permutation Instructions}, year = {2003}, note = {Nominated for Best Student Paper Award}, month = {Nov. 2003}, pages = {879-886}, address = {Pacific Grove, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/shi03implementation.pdf}, author = {Shi, Zhijie Jerry and Lee, Ruby B.} } @conference { , title = {Arbitrary Bit Permutations in One or Two Cycles}, year = {2003}, month = {June 2003}, pages = {237-247}, address = {The Hague, The Netherlands}, URL = {http://palms.ee.princeton.edu/PALMSopen/shi03arbitrary.pdf}, author = {Shi, Zhijie and Yang, Xiao and Lee, Ruby B.} } @conference { , title = {Subword Sorting with Versatile Permutation Instructions}, year = {2002}, month = {Sept. 2002}, pages = {234-241}, address = {Freiburg, Germany}, URL = {http://palms.ee.princeton.edu/PALMSopen/shi02subword.pdf}, author = {Shi, Zhijie and Lee, Ruby B.} } @conference { , title = {Bit Permutation Instructions for Accelerating Software Cryptography}, year = {2000}, month = {July 2000}, pages = {138-148}, address = {Boston, Massachusetts, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/shi00bit.pdf}, author = {Shi, Zhijie and Lee, Ruby B.} } @conference { , title = {Using Moving Target Defense for Secure Hardware Design}, year = {2016}, author = {Ruby B. Lee} } @inbook { , title = {Improving Cyber Security}, booktitle = {Advances in Cyber Security: Technology, Operations and Experiences}, editor = {Frank Hsu and Dorothy Marinucci}, year = {2013}, pages = {37-59}, publisher = {Fordham University Press}, ISBN = {978-0-8232-4457-7}, author = {Ruby B. 
Lee} } @conference { , title = {Processor Accelerator for AES}, year = {2010}, month = {June 13-14 2010}, pages = {71-76}, address = {Anaheim, CA, USA}, abstract = {Software AES cipher performance is not fast enough for encryption to be incorporated ubiquitously for all computing needs. Furthermore, fast software implementations of AES that use table lookups are susceptible to software cache-based side channel attacks, leaking the secret encryption key. To bridge the gap between software and hardware AES implementations, several Instruction Set Architecture (ISA) extensions have been proposed to provide speedup for software AES programs, most notably the recent introduction of six AES-specific instructions for Intel microprocessors. However, algorithm-specific instructions are less desirable than general-purpose ones for microprocessors. In this paper, we propose an enhanced parallel table lookup instruction that can achieve the fastest reported software AES encryption and decryption of 1.38 cycles/byte for generalpurpose microprocessors, a 1.45X speedup from the fastest prior work reported. Also, security is improved where cache-based side-channel attacks are thwarted, since all table lookups take the same amount of time. Furthermore, the new instructions can also be used to accelerate any functions that can be accelerated through table lookup operations of one or multiple small tables.}, author = {Ruby B. Lee and Yu-Yuan Chen} } @article { , title = {Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines}, journal = {Transactions on Computational Science IV, Lecture Notes in Computer Science (LNCS)}, year = {2009}, month = {March 2009}, pages = {1-22}, abstract = {Trusted computing platforms aim to provide trust in computations performed by sensitive applications. 
Verifying the integrity of memory contents is a crucial security service that these platforms must provide since an adversary able to corrupt the memory space can affect the computations performed by the platform. After a description of the active attacks that threaten memory integrity, this paper surveys existing cryptographic techniques --- namely integrity trees --- allowing for memory authentication. The strategies proposed in the literature for implementing such trees on general-purpose computing platforms are presented, along with their complexity. This paper also discusses the effect of a potentially compromised Operating System (OS) on computing platforms requiring memory authentication and describes an architecture recently proposed to provide this security service despite an untrusted OS. Existing techniques for memory authentication that are not based on trees are described and their performance/security trade-off is discussed. While this paper focuses on memory authentication for uniprocessor platforms, we also discuss the security issues that arise when considering data authentication in symmetric multiprocessor (shared memory) systems.}, author = {Reouven Elbaz and David Champagne and Catherine Gebotys and Ruby B. Lee and Nachiketh Potlapally and Lionel Torres} } @misc { , title = {UserMode SP_ISCA2005}, year = {2005}, author = {Ruby Lee, Peter Kwan, Patrick McGregor, Jeffrey Dwoskin and Zhenghong Wang} } @article { , title = {Precision Architecture}, journal = {IEEE computer}, volume = {22}, year = {1989}, month = {01/1989}, pages = {14}, chapter = {78}, author = {Ruby B.
Lee} } @article { , title = {Special Section on Secure Computer Architectures}, journal = {IEEE Transactions on Computers}, volume = {67}, year = {2018}, month = {March 2018}, author = {Patrick Schaumont and Ruby Lee and Ronald Perez and Guido Bertoni} } @conference { , title = {A Framework for Realizing Security on Demand in Cloud Computing}, year = {2013}, month = {December 2013}, address = {Bristol, UK}, author = {Pramod Jamkhedkar;Jakub Szefer;Diego Perez-Botero;Tianwei Zhang;Gina Triolo;Ruby.B. Lee} } @article { , title = {Checking Integrity of Untrusted Data with Few Queries}, year = {2007}, month = {September 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-008}, author = {Potlapally, Nachiketh and Lee, Ruby B.} } @article { , title = {Efficient Randomness Generation Techniques for Embedded Systems}, year = {2007}, month = {December 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-015}, author = {Potlapally, Nachiketh and Lee, Ruby B.} } @article { , title = {Aiding Side-channel Attacks on Cryptographic Software with Satisfiability-based Analysis}, journal = {IEEE Transactions on VLSI}, volume = {15}, year = {2007}, month = {April 2007}, pages = {465-470}, author = {Potlapally, Nachiketh and Raghunathan, Anand and Sriavths Ravi and Jha, Niraj and Lee, Ruby B.} } @conference { , title = {Satisfiability-based Framework for Enabling Side-channel Attacks on Cryptographic Software}, year = {2006}, month = {March 2006}, pages = {18-23}, address = {Munich, Germany}, URL = {http://palms.ee.princeton.edu/PALMSopen/potlapally06satisfiability.pdf}, author = {Potlapally, Nachiketh and Raghunathan, Anand and Ravi, Srivaths and Jha, Niraj and Lee, Ruby B.} } @conference { , title = {Impact of Configurability and Extensibility on IPSec Protocol Execution on Embedded Processors}, year = {2006}, month = {January 2006}, pages = {299-304}, publisher = {IEEE Computer 
Society}, address = {Hyderabad, India}, keywords = {Configurability, Embedded Processors, Embedded Security, Embedded Systems, Extensibility, IPSec, Performance, Security Protocols}, URL = {http://palms.ee.princeton.edu/PALMSopen/potlapally06impact.pdf}, author = {Potlapally, Nachiketh and Ravi, Srivaths and Raghunathan, Anand and Lee, Ruby B. and Jha, Niraj} } @conference { , title = {Maya: A Novel Block Encryption Function}, year = {2009}, month = {May 2009}, address = {Ullensvang, Norway}, author = {Mahadevan Gomathisankaran and Ruby B. Lee} } @conference { , title = {Protecting Cryptographic Keys and Computations via Virtual Secure Coprocessing}, year = {2005}, month = {Oct. 9-13, 2004}, address = {Boston, Massachusetts, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor04protecting.pdf}, author = {McGregor, John Patrick and Lee, Ruby B.} } @conference { , title = {A Traitor Tracing Scheme Based on RSA for Fast Decryption}, volume = {3531}, year = {2005}, month = {June 7-10, 2005}, pages = {56-74}, publisher = {Springer-Verlag}, address = {New York, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor05traitortracing_springer.pdf}, author = {McGregor, John Patrick and Yin, Yiqun Lisa and Lee, Ruby B.} } @article { , title = {Architectural Techniques for Accelerating Subword Permutations with Repetitions}, journal = {IEEE Transactions on Very Large Scale Integration Systems}, volume = {11}, year = {2003}, month = {June 2003}, pages = {325-335}, keywords = {Cryptography, encryption, instruction set architecture, permutation, permutation instruction, processor architecture, subword parallelism, subword permutation}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor03architectural.pdf}, author = {McGregor, John Patrick and Lee, Ruby B.} } @conference { , title = {A Processor Architecture Defense against Buffer Overflow Attacks}, year = {2003}, note = {Best Student Paper Award}, month = {Aug. 
2003}, pages = {243-250}, address = {Newark, New Jersey, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor03processor.pdf}, author = {McGregor, John Patrick and Karig, David and Shi, Zhijie and Lee, Ruby B.} } @conference { , title = {Architectural Enhancements for Fast Subword Permutations with Repetitions in Cryptographic Applications}, year = {2001}, month = {Sept. 2001}, pages = {453-461}, address = {Austin, Texas, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor01architectural.pdf}, author = {McGregor, John Patrick and Lee, Ruby B.} } @conference { , title = {Performance Impact of Data Compression on Virtual Private Network Transactions}, year = {2000}, month = {Nov. 2000}, pages = {500-510}, address = {Tampa, Florida, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor00performance.pdf}, author = {McGregor, John Patrick and Lee, Ruby B.} } @article { , title = {Hewlett-Packard Precision Architecture: the Processor}, journal = {HP Journal}, volume = {37}, year = {1986}, month = {08/1986}, pages = {19}, chapter = {4}, author = {Michael Mahon and Ruby B. Lee and Terrence Miller and Jerome Huck and William Bryg} } @article { , title = {Decimation Tools Set}, year = {2007}, month = {November 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-014}, author = {Lauradoux, Cedric and Lee, Ruby B.} } @article { , title = {PAX: A Cryptographic Processor with Parallel Table Lookup and Wordsize Scalability}, year = {2007}, month = {November 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-010}, author = {Lee, Ruby B. 
and Fiskiran, Murat and Wang, Michael and Hilewitz, Yedidya and Chen, Yu-Yuan} } @article { , title = {Resolving Encoding Issues in Combining PAX and PLX Instruction Sets}, year = {2007}, month = {August 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-007}, author = {Lee, Ruby B. and Wang, Michael} } @article { , title = {Single-Cycle Bit Permutations with MOMR Execution}, journal = {Journal of Computer Science and Technology}, volume = {20}, year = {2005}, month = {September 2005}, pages = {577-585}, keywords = {permutation, bit permutations, cryptography, cryptographic acceleration, security, multi-word operation, datarich execution, MOMR, instruction set architecture, ISA, processor, high performance secure computing}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee05single-cycle.pdf}, author = {Lee, Ruby B. and Yang, Xiao and Shi, Zhijie Jerry} } @conference { , title = {Architecture for Protecting Critical Secrets in Microprocessors}, year = {2005}, month = {June 4-8, 2005}, pages = {2-13}, address = {Madison, Wisconsin, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee05architecture_w_cit.pdf}, author = {Lee, Ruby B. and Kwan, Peter and McGregor, John Patrick and Dwoskin, Jeffrey and Wang, Zhenghong} } @article { , title = {PLX: An Instruction Set Architecture and Testbed for Multimedia Information Processing}, journal = {Journal of VLSI Signal Processing}, volume = {40}, year = {2005}, pages = {85-108}, keywords = {multimedia, instruction set architecture, ISA, processor architecture, media processing}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee05plx.pdf}, author = {Lee, Ruby B. and Fiskiran, Murat} } @conference { , title = {Validating Word-oriented Processors for Bit and Multi-Word Operations}, year = {2004}, month = {Sept. 2004}, pages = {473-488}, address = {Beijing, China}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee04validating.pdf}, author = {Lee, Ruby B. 
and Yang, Xiao and Shi, Zhijie Jerry} } @conference { , title = {On Permutation Operations in Cipher Design}, year = {2004}, month = {April 5-7, 2004}, pages = {569-577}, address = {Las Vegas, Nevada, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee04permutation.pdf}, author = {Lee, Ruby B. and Rivest, R L and Robshaw, M J B and Shi, Z J and Yin, Y L} } @inbook { , title = {Permutation Operations in Block Ciphers}, booktitle = {Book chapter in Nadia Nedjah and Luiza de Macedo Mourelle eds., Embedded Cryptographic Hardware: Design and Security}, editor = {Nadia Nedjah; Luiza de Macedo Mourelle}, year = {2004}, note = {http://books.google.com/books?id=1Npt_Gj7nJIC&pg=PA19&lpg=PA19&dq=PAX:+A+Datapath-Scalable+Minimalist+Cryptographic+Processor+for&source=bl&ots=At_exM0b76&sig=Kkvh1BvA3mfnbwpU4_kuEgAqjR0&hl=en&sa=X&oi=book_result&resnum=1&ct=result#PPR9,M1}, pages = {219-236}, publisher = {Nova Science Publisher, ISBN: 1-59454-145-0, Chapter 13}, address = {New York}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee04permutation_book.pdf}, author = {Lee, R B and Rivest, R L and Robshaw, M J B and Shi, Z J and Yin, Y L} } @conference { , title = {Enlisting Hardware Architecture to Thwart Malicious Code Injection}, year = {2003}, month = {March 2003}, pages = {237-252}, address = {Boppard, Germany}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee03enlisting.pdf}, author = {Lee, Ruby B. and Karig, David and McGregor, John Patrick and Shi, Zhijie} } @conference { , title = {Refining Instruction Set Architecture for High-Performance Multimedia Processing in Constrained Environments}, year = {2002}, month = {July 2002}, pages = {253-264}, address = {San Jose, California}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee02refining-from-proceedings.pdf}, author = {Lee, Ruby B. and Fiskiran, Murat and Shi, Zhijie and Yang, Xiao} } @conference { , title = {How a Processor can Permute n bits in O(1) cycles}, year = {2002}, month = {Aug. 
2002}, address = {Stanford University, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee02how-presentation.pdf}, author = {Lee, Ruby B. and Shi, Zhijie and Yang, Xiao} } @conference { , title = {PLX: A Fully Subword-Parallel Instruction Set Architecture for Fast Scalable Multimedia Processing}, year = {2002}, month = {Aug. 2002}, pages = {117-120}, address = {Lusanne, Switzerland}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee02plx-from-proceedings.pdf}, author = {Lee, Ruby B. and Fiskiran, Murat} } @inbook { , title = {Multimedia Instructions in Microprocessors for Native Signal Processing}, booktitle = {Book Chapter in Yu Hen Hu, ed., Programmable Digital Signal Processors: Architecture: Programming, and Applications}, editor = {Yu Hen Hu}, year = {2001}, pages = {91-145}, publisher = {Marcel Dekker, Inc., ISBN: 0-8247-0647-1}, address = {New York}, URL = {http://palms.ee.princeton.edu/PALMSopen/Lee_Multimedia_Instructions_in_Microprocessors_for_Native_Signal_Processing.pdf}, author = {Lee, Ruby B. and Fiskiran, Murat} } @article { , title = {Efficient Permutation Instructions for Fast Software Cryptography}, journal = {IEEE Micro}, volume = {21}, year = {2001}, month = {Dec. 2001}, pages = {56-69}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee01efficient.pdf}, author = {Lee, Ruby B. and Shi, Zhijie and Yang, Xiao} } @inbook { , title = {Instruction Set Architecture for Multimedia Signal Processing}, booktitle = {Book Chapter in Vojin G. Oklobdzija ed., The Computer Engineering Handbook}, editor = {Vojin G. Oklobdzija}, year = {2001}, pages = {39-1 to 39-38}, publisher = {CRC Press, ISBN: 0-8493-0885-2, Invited Chapter}, URL = {http://palms.ee.princeton.edu/PALMSopen/Lee_Instruction_Set_Architecture_for_Multimedia_Signal_Processing.pdf}, author = {Lee, Ruby B.} } @conference { , title = {Multimedia Instructions in IA-64}, year = {2001}, pages = {281-284}, publisher = {Aug. 
2001}, address = {Tokyo, Japan}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee01multimedia-from-proceedings.pdf}, author = {Lee, Ruby B. and Fiskiran, Murat and Bubshait, Abdulla} } @conference { , title = {Cost-Effective Multiplication with Enhanced Adders for Multimedia Applications}, volume = {1}, year = {2000}, month = {May 2000}, pages = {651-654}, address = {Geneva Switzerland}, URL = {http://palms.ee.princeton.edu/PALMSopen/luo00cost-effective.pdf}, author = {Luo, Zhen and Lee, Ruby B.} } @conference { , title = {Subword Permutation Instructions for Two-Dimensional Multimedia Processing in MicroSIMD Architectures}, year = {2000}, month = {July 2000}, pages = {3-14}, address = {Boston, Massachusetts, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee00subword.pdf}, author = {Lee, Ruby B.} } @conference { , title = {Efficiency of MicroSIMD Architectures and Index-Mapped Data for Media Processors}, year = {1999}, month = {Jan. 1999}, pages = {34-46}, address = {San Jose, California}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee99efficiency.pdf}, author = {Lee, Ruby B.} } @conference { , title = {Security as a New Dimension in Embedded System Design}, year = {2004}, month = {June 2004}, pages = {753-760}, address = {San Diego, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/Lee-41stDAC_46_1.pdf}, author = {Kocher, Paul and Lee, Ruby B. and McGraw, Gary and Raghunathan, Anand and Ravi, Srivaths} } @conference { , title = {A Hardware-based Technique for Efficient Implicit Information Flow Tracking}, year = {2016}, month = {07/11/2016}, publisher = {IEEE}, address = {Austin}, author = {Jangseop Shin;Hongce Zhang;Jinyong Lee;Ingoo Heo;Yu-Yuan Chen;Ruby Lee;Yunheung Paek} } @conference { , title = {Cyber Defenses for Physical Attacks and Insider Threats in Cloud}, year = {2014}, month = {June 2014}, author = {Jakub Szefer;Pramod Jamkhedkar;Diego Perez-Botero;Ruby B. 
Lee} } @inbook { , title = {Hardware-Enhanced Security for Cloud}, booktitle = {Secure Cloud Computing }, year = {2014}, pages = {57-76}, publisher = {Springer}, address = {Berlin}, URL = {http://link.springer.com/chapter/10.1007%2F978-1-4614-9278-8_3}, author = {Jakub Szefer and Ruby B. Lee} } @conference { , title = {BitDeposit: Deterring Attacks and Abuses of Cloud Computing Services Through Economic Measures}, year = {2013}, month = {May 2013}, author = {Jakub Szefer and Ruby B. Lee} } @conference { , title = {Architectural Support for Hypervisor-Secure Virtualization}, year = {2012}, month = {March 3--7, 2012}, abstract = {Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual machines (VMs). Continuing releases of bug reports and exploits in the virtualization software show that defending the hypervisor against attacks is very difficult. In this work, we present hypervisor-secure virtualization --- a new research direction with the goal of protecting the guest VMs from an untrusted hypervisor. We also present the HyperWall architecture which achieves hypervisor-secure virtualization, using hardware to provide the protections. HyperWall allows a hypervisor to freely manage the memory, processor cores and other resources of a platform. Yet once VMs are created, our new Confidentiality and Integrity Protection (CIP) tables protect the memory of the guest VMs from accesses by the hypervisor or by DMA, depending on the customer's specification. If a hypervisor does become compromised, e.g. by an attack from a malicious VM, it cannot be used in turn to attack other VMs. The protections are enabled through minimal modifications to the microprocessor and memory management units.
Whereas much of the previous work concentrates on protecting the hypervisor from attacks by guest VMs, we tackle the problem of protecting the guest VMs from the hypervisor.}, author = {Jakub Szefer and Ruby B. Lee} } @conference { , title = {Physical Attack Protection with Human-Secure Virtualization in Data Centers}, year = {2012}, month = {June 25, 2012}, author = {Jakub Szefer and Pramod Jamkhedkar and Yu-Yuan Chen and Ruby B. Lee} } @conference { , title = {Rapid Single-Chip Secure Processor Prototyping on OpenSPARC FPGA Platform}, year = {2011}, month = {May 24-27, 2011}, abstract = {Secure processors have become increasingly important for trustworthy computing as security breaches escalate. By providing hardware-level protection, a secure processor ensures a safe computing environment where confidential data and applications can be protected against both hardware and software attacks. In this paper, we present a single-chip secure processor model and demonstrate rapid prototyping of the secure processor on the OpenSPARC FPGA platform. OpenSPARC T1 is an industry-grade, open-source, FPGA-synthesizable general-purpose microprocessor originally developed by Sun Microsystems, now acquired by Oracle. It is a multi-core, multi-threaded 64-bit processor with open-source hardware, including the microprocessor core, as well as system software that can be freely modified by researchers. We modify the OpenSPARC T1 processor by adding security modules: an AES engine, a TRNG and a memory integrity tree. These enhancements enable security features like memory encryption and memory integrity verification. By prototyping this single-chip secure processor on the FPGA platform, we find that the OpenSPARC T1 FPGA platform has many advantages for secure processor research.
Our prototyping demonstrates that additional modules can be added quickly and easily and they add little resource overhead to the base OpenSPARC processor.}, author = {Jakub Szefer and Wei Zhang and Yu-Yuan Chen and David Champagne and King Chan and Will Li and Ray Cheung and Ruby B. Lee} } @conference { , title = {A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing}, year = {2011}, month = {June 20-24, 2011}, abstract = {Cloud computing, enabled by virtualization technologies, is becoming a mainstream computing model. Many companies are starting to utilize the infrastructure-as-a-service (IaaS) cloud computing model, leasing guest virtual machines (VMs) from the infrastructure providers for economic reasons: to reduce their operating costs and to increase the flexibility of their own infrastructures. Yet, many companies may be hesitant to move to cloud computing due to security concerns. An integral part of any virtualization technology is the all-powerful hypervisor. A hypervisor is a system management software layer which can access all resources of the platform. Much research has been done on using hypervisors to monitor guest VMs for malicious code and on hardening hypervisors to make them more secure. There is, however, another threat which has not been addressed by researchers --- that of compromised or malicious hypervisors that can extract sensitive or confidential data from guest VMs. Consequently, we propose that a new research direction needs to be undertaken to tackle this threat. We further propose that new hardware mechanisms in the multicore microprocessors are a viable way of providing protections for the guest VMs from the hypervisor, while still allowing the hypervisor to flexibly manage the resources of the physical platform.}, author = {Jakub Szefer and Ruby B. Lee} } @conference { , title = {Eliminating the Hypervisor Attack Surface for a More Secure Cloud}, year = {2011}, month = {Oct.
17-21, 2011}, abstract = {Cloud computing is quickly becoming the platform of choice for many web services. Virtualization is the key underlying technology enabling cloud providers to host services for a large number of customers. Unfortunately, virtualization software is large, complex, and has a considerable attack surface. As such, it is prone to bugs and vulnerabilities that a malicious virtual machine (VM) can exploit to attack or obstruct other VMs --- a major concern for organizations wishing to move ``to the cloud.'' In contrast to previous work on hardening or minimizing the virtualization software, we eliminate the hypervisor attack surface by enabling the guest VMs to run natively on the underlying hardware while maintaining the ability to run multiple VMs concurrently. Our NoHype system embodies four key ideas: (i) pre-allocation of processor cores and memory resources, (ii) use of virtualized I/O devices, (iii) minor modifications to the guest OS to perform all system discovery during bootup, and (iv) avoiding indirection by bringing the guest virtual machine in more direct contact with the underlying hardware. Hence, no hypervisor is needed to allocate resources dynamically, emulate I/O devices, support system discovery after bootup, or map interrupts and other identifiers. NoHype capitalizes on the unique use model in cloud computing, where customers specify resource requirements ahead of time and providers offer a suite of guest OS kernels. Our system supports multiple tenants and capabilities commonly found in hosted cloud infrastructures. Our prototype utilizes Xen 4.0 to prepare the environment for guest VMs, and a slightly modified version of Linux 2.6 for the guest OS. Our evaluation with both SPEC and Apache benchmarks shows a roughly 1% performance gain when running applications on NoHype compared to running them on top of Xen 4.0.
Our security analysis shows that, while there are some minor limitations with current commodity hardware, NoHype is a significant advance in the security of cloud computing.}, author = {Jakub Szefer and Eric Keller and Ruby B. Lee and Jennifer Rexford} } @article { , title = {Trust but Verify: Trust Evidence for Hypervisor-Secure Virtualization}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2011-008}, year = {2011}, month = {Nov. 16, 2011}, author = {Jakub Szefer and Jason Bau and John C. Mitchell and Ruby B. Lee} } @conference { , title = {General-purpose FPGA Platform for Efficient Encryption and Hashing}, year = {2010}, month = {July 7-9, 2010}, abstract = {Many applications require protection of secret or sensitive information, from sensor nodes and embedded applications to large distributed systems. The confidentiality of data can be protected by encryption using symmetric-key ciphers, and the integrity of the data can be ensured by using a cryptographic hash function to calculate a ``digital fingerprint.'' In this paper, we propose reconfigurable FPGA hardware components that enable rapid deployment of cryptographic and other algorithms. The novelty of our hardware components is in their general-purpose design which enables easy mappings to allow customizations of data protection for different usage scenarios. Since we utilize only a small part of an FPGA chip, our design can be readily integrated with other processing needs of a mobile device, a sensor node or a System-on-Chip. In addition to being able to implement established algorithms, our analysis shows that the new hash algorithms proposed for the National Institute of Standards and Technology (NIST) competition for Advanced Hash Algorithms (AHS) also map well onto our general-purpose components.
Our solution facilitates easy hardware implementation of customizable encryption and hashing solutions, with area and speed performance comparable to custom FPGA implementations targeted at a specific cipher or hash algorithm. Furthermore, the components that we have proposed can be used for many other applications - not just for implementing block ciphers and cryptographic hash functions.}, author = {Jakub Szefer;Yu-Yuan Chen;Ruby B. Lee} } @article { , title = {Evaluation of OpenSPARC FPGA Platform as a Security and Performance Research Platform}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2010-002}, year = {2010}, month = {Sept. 6, 2010}, author = {Jakub Szefer and Yu-Yuan Chen and Ray Cheung and Ruby B. Lee} } @conference { , title = {A Framework for Testing Hardware-Software Security Architectures}, year = {2010}, month = {December 6 2010}, address = {Austin, Texas USA}, abstract = {New security architectures are difficult to prototype and test at the design stage. Fine-grained monitoring of the interactions between hardware, the operating system, and applications is required. We have designed and prototyped a testing framework, using virtualization, that can emulate the behavior of new hardware mechanisms in the virtual CPU and can perform a wide range of hardware and software attacks on the system under test. Our testing framework provides APIs for monitoring hardware and software events in the system under test, launching attacks, and observing their effects. We demonstrate its use by testing the security properties of the Secret Protection (SP) architecture using a suite of attacks. We show two important lessons learned from the testing of the SP architecture that affect the design and implementation of the architecture. 
Our framework enables extensive testing of hardware-software security architectures, in a realistic and flexible environment, with good performance provided by virtualization.}, author = {Jeffrey S. Dwoskin and Mahadevan Gomathisankaran and Yu-Yuan Chen and Ruby B. Lee} } @article { , title = {A Framework for Testing Hardware-Software Security Architectures}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2009-001}, year = {2009}, note = {Updated June 2009}, month = {February 2009}, URL = {http://palms.ee.princeton.edu/PALMSopen/Dwoskin200906_TestingFramework.pdf}, author = {Jeffrey Dwoskin;Mahadevan Gomathisankaran;Ruby B. Lee} } @article { , title = {SP Reference Manual Addendum -- Secure Stacks for TSMs and Emulation of SP Interrupt Protection}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2009-006}, year = {2009}, month = {August 2009}, URL = {http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2009SecureStacks.pdf}, author = {Jeffrey S. Dwoskin and Mahadevan Gomathisankaran and David Champagne and Ruby B. Lee} } @article { , title = {Framework for Design Validation of Security Architectures}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-013}, year = {2008}, month = {November 2008}, URL = {http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2008TestingFramework.pdf}, author = {Jeffrey S. Dwoskin and Mahadevan Gomathisankaran and Ruby B. Lee} } @article { , title = {SecureCore Prototype/Demo Manual}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-009}, year = {2008}, note = {Updated August 25 2009}, month = {August 2008}, URL = {http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2009SecureCoreDemo1.1v1.pdf}, author = {Jeffrey S. Dwoskin and Ganesha Bhaskara and Thuy D. Nguyen and Ruby B. 
Lee} } @article { , title = {SP Processor Architecture Reference Manual}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-008}, year = {2008}, month = {August 2008}, URL = {http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2008SP_Reference1.0.pdf}, author = {Jeffrey S. Dwoskin and Ruby B. Lee} } @misc { , title = {Authority SP_CCS2007}, year = {2007}, author = {Jeffrey Dwoskin and Ruby Lee} } @article { , title = {Cloud Server Benchmark Suite for Evaluating New Hardware Architectures}, journal = {IEEE Computer Architecture Letters}, year = {2016}, month = {July-Dec 2016}, abstract = {Adding new hardware features to a cloud computing server requires testing both the functionality and the performance of the new hardware mechanisms. However, commonly used cloud computing server workloads are not well-represented by the SPEC integer and floating-point benchmark and Parsec suites typically used by the computer architecture community. Existing cloud benchmark suites for scale-out or scale-up computing are not representative of the most common cloud usage, and are very difficult to run on a cycle-accurate simulator that can accurately model new hardware, like gem5. In this paper, we present PALMScloud, a suite of cloud computing benchmarks for performance evaluation of cloud servers, that is ready to run on the gem5 cycle-accurate simulator. We conduct a behavior characterization and analysis of the benchmarks. We hope that these cloud benchmarks, ready to run on a dual-machine gem5 simulator or on real machines, can be useful to other researchers interested in improving hardware micro-architecture and cloud server performance}, author = {Hao Wu and Fangfei Liu and Ruby B. 
Lee} } @article { , title = {A New Basis for Shifters in General-Purpose Processors for Existing and Advanced Bit Manipulations}, journal = {IEEE Transactions on Computing}, volume = {58}, year = {2009}, note = {Available online since November 2008.}, month = {August 2009}, abstract = {This paper describes a new basis for the implementation of the shifter functional unit in microprocessors that can implement new advanced bit manipulations as well as standard shifter operations. Our design is based on the inverse butterfly and butterfly datapath circuits, rather than the barrel shifter or log-shifter designs currently used. We show how this new shifter can implement the standard shift and rotate operations, as well as more advanced extract, deposit and mix operations found in some processors. Furthermore, it can perform important new classes of even more advanced bit manipulation instructions like arbitrary bit permutations, bit gather (or parallel extract) and bit scatter (or parallel deposit) instructions. Thus, our new functional unit performs the functionality of three functional units --- the basic shifter, the multimedia-mix unit and the advanced bit manipulation functional unit, while having a latency only slightly longer than that of the log-shifter.}, author = {Hilewitz, Yedidya and Lee, Ruby B.} } @conference { , title = {Accelerating the Whirlpool Hash Function Using Parallel Table Lookup and Fast Cyclical Permutation}, year = {2008}, month = {February 2008}, address = {Lausanne, Switzerland}, abstract = {Hash functions are an important building block in almost all security applications. In the past few years, there have been major advances in the cryptanalysis of hash functions, especially the MDx family, and it has become important to select new hash functions for next-generation security applications. One of the potential candidates is Whirlpool, an AES-based hash function. 
Whirlpool adopts a very different design approach from MDx, and hence it has withstood all the latest attacks. However, its slow software performance has made it less attractive for practical use. In this paper, we present a new software implementation of Whirlpool that is significantly faster than previous ones. Our optimization leverages new ISA extensions, in particularly Parallel Table Lookup (PTLU), which has previously been proposed to accelerate block ciphers like AES and DES, multimedia and other applications. We also show a novel cyclical permutation algorithm that can concurrently convert rows of a matrix to diagonals. We obtain a speedup of 8.8x and 13.9x over a basic RISC architecture using 64-bit and 128-bit PTLU modules, respectively. This is equivalent to rates of 11.4 and 7.2 cycles/byte, respectively, which makes our Whirlpool implementation faster than the fastest published rate of 12 cycles/byte for SHA-2 in software.}, author = {Hilewitz, Yedidya and Yin, Yiqun Lisa and Lee, Ruby B.} } @article { , title = {Fast Bit Matrix Multiplication in Commodity Microprocessors}, year = {2007}, month = {November 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-011}, author = {Hilewitz, Yedidya and Lauradoux, Cedric and Lee, Ruby B.} } @conference { , title = {Performing Advanced Bit Manipulations Efficiently in General-Purpose Processors}, year = {2007}, month = {June 2007}, pages = {251-260}, address = {Montpellier, France}, abstract = {This paper describes a new basis for the implementation of a shifter functional unit. We present a design based on the inverse butterfly and butterfly datapath circuits that performs the standard shift and rotate operations, as well as more advanced extract, deposit and mix operations found in some processors. 
Additionally, it also supports important new classes of even more advanced bit manipulation instructions recently proposed: these include arbitrary bit permutations, bit scatter and bit gather instructions. The new functional unit's datapath is comparable in latency to that of the classic barrel shifter. It replaces two existing functional units - shifter and mix - with a much more powerful one.}, keywords = {shifter, rotations, permutations, bit manipulations, arithmetic, processor}, author = {Hilewitz, Yedidya and Lee, Ruby B.} } @article { , title = {A New Basis for Shifters in General-Purpose Processors for Existing and Advanced Bit Manipulations}, year = {2007}, month = {July 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-004}, author = {Hilewitz, Yedidya and Lee, Ruby B.} } @article { , title = {Accelerating the Whirlpool Hash Function using On-Chip Lookup Tables}, year = {2007}, month = {February 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-001}, author = {Hilewitz, Yedidya and Lee, Ruby B.} } @article { , title = {Achieving Very Fast Bit Matrix Multiplication in Commodity Microprocessors}, year = {2007}, month = {August 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-006}, author = {Hilewitz, Yedidya and Lee, Ruby B.} } @conference { , title = {Fast Bit Compression and Expansion with Parallel Extract and Parallel Deposit Instructions}, year = {2006}, note = {(Best Paper Award)}, month = {11/09/2006}, pages = {65-72}, abstract = {Current microprocessor instruction set architectures are word oriented, with some subword support. Many important applications, however, can realize substantial performance benefits from bit-oriented instructions. We propose the parallel extract (pex) and parallel deposit (pdep) instructions to accelerate compressing and expanding selections of bits. 
We show that these instructions can be implemented by the fast inverse butterfly and butterfly network circuits. We evaluate latency and area costs of alternative functional units for implementing subsets of advanced bit manipulation instructions. We show applications exhibiting significant speedup, 3.41}, URL = {http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=04019493}, author = {Hilewitz, Yedidya and Lee, Ruby B.} } @conference { , title = {Comparing Fast Implementations of Bit Permutation Instructions}, year = {2004}, month = {Nov. 2004}, pages = {1856-1863}, address = {Pacific Grove, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/hilewitz04comparing_with_cit.pdf}, author = {Hilewitz, Yedidya and Shi, Zhijie Jerry and Lee, Ruby B.} } @conference { , title = {Smartphone Impostor Detection with Behavioral Data Privacy and Minimalist Hardware Support}, year = {2021}, author = {Guangyuan Hu and Zecheng He and Ruby B. Lee} } @conference { , title = {SoK: Hardware Defenses Against Speculative Execution Attacks}, year = {2021}, abstract = {Speculative execution attacks leverage the speculative and out-of-order execution features in modern computer processors to access secret data or execute code that should not be executed. Secret information can then be leaked through a covert channel. While software patches can be installed for mitigation on existing hardware, these solutions can incur big performance overhead. Hardware mitigation is being studied extensively by the computer architecture community. It has the benefit of preserving software compatibility and the potential for much smaller performance overhead than software solutions. This paper presents a systematization of the hardware defenses against speculative execution attacks that have been proposed. We show that speculative execution attacks consist of 6 critical attack steps. 
We propose defense strategies, each of which prevents a critical attack step from happening, thus preventing the attack from succeeding. We then summarize 20 hardware defenses and overhead-reducing features that have been proposed. We show that each defense proposed can be classified under one of our defense strategies, which also explains why it can thwart the attack from succeeding. We discuss the scope of the defenses, their performance overhead, and the security-performance trade-offs that can be made.}, author = {Guangyuan Hu and Zecheng He and Ruby B. Lee} } @conference { , title = {Position Paper: Consider Hardware-enhanced Defenses for Rootkit Attacks}, year = {2020}, abstract = {Rootkits are malware that attempt to compromise the system's functionalities while hiding their existence. Various rootkits have been proposed as well as different software defenses, but only very few hardware defenses. We position hardware-enhanced rootkit defenses as an interesting research opportunity for computer architects, especially as many new hardware defenses for speculative execution attacks are being actively considered. We first describe different techniques used by rootkits and their prime targets in the operating system. We then try to shed insights on what the main challenges are in providing a rootkit defense, and how these may be overcome. We show how a hypervisor-based defense can be implemented, and provide a full prototype implementation in an open-source cloud computing platform, OpenStack. We evaluate the performance overhead of different defense mechanisms. 
Finally, we point to some research opportunities for enhancing resilience to rootkit-like attacks in the hardware architecture.}, author = {Guangyuan Hu and Tianwei Zhang and Ruby Lee} } @conference { , title = {Butterfly and inverse Butterfly nets integration on Altera NioS-ii embedded processor}, year = {2010}, month = {November 2010}, address = {Pacific Grove, California, USA}, author = {Gian Carlo Cardarilli and Luca Di Nunzio and Rocco Fazzolari and Ruby B. Lee and Marco Re} } @article { , title = {Virtualization of a Processor-based Crypto-Protection Mechanism and Integration within a Separation Kernel Architecture}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2006-006}, year = {2006}, month = {November 2006}, URL = {http://palms.ee.princeton.edu/PALMSopen/techreports/bhaskara06virtualization.pdf}, author = {Ganesha Bhaskara and Timothy E. Levin and Thuy D. Nguyen and Cynthia E. Irvine and Terry V. Benzel and Jeffrey S. Dwoskin and Ruby B. Lee} } @conference { , title = {CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing}, year = {2016}, month = {March 2016}, address = {Barcelona, Spain}, author = {Fangfei Liu;Qian Ge;Yuval Yarom;Frank Mckeen;Carlos Rozas;Gernot Heiser;Ruby Lee} } @article { , title = {Newcache: secure cache architecture thwarting cache side channel attacks}, journal = {IEEE Micro Special Issues on Security}, volume = {36}, year = {2016}, month = {Sept/Oct 2016}, abstract = {Newcache is a secure cache that can thwart cache side-channel attacks to prevent the leakage of secret information. All caches today are susceptible to cache side-channel attacks, despite software isolation of memory pages in virtual address spaces or virtual machines. These cache attacks can leak secret encryption keys or private identity keys, nullifying any protection provided by strong cryptography. 
Newcache uses a novel dynamic, randomized memory-to-cache mapping to thwart contention-based side-channel attacks, rather than the static mapping used by conventional set-associative caches. In this article, the authors present an improved design of Newcache, in terms of security, circuit design and simplicity. They show Newcache's security against a suite of cache side-channel attacks. They evaluate Newcache's system performance for cloud computing, smartphone, and SPEC benchmarks and find that Newcache performs as well as conventional set-associative caches, and sometimes better. They also designed a VLSI test chip with a 32-Kbyte Newcache and a 32-Kbyte, eight-way, set-associative cache and verified that the access latency, power, and area of the two caches are comparable. These results show that Newcache can be used as L1 data and instruction caches to improve security without impacting performance.}, author = {Fangfei Liu and Hao Wu and Kenneth Mai and Ruby B. Lee} } @conference { , title = {Last-Level Cache Side-Channel Attacks are Practical}, year = {2015}, month = {May 2015}, pages = {605-622}, address = {San Jose}, author = {Fangfei Liu;Yuval Yarom;Qian Ge;Gernot Heiser;Ruby B. Lee} } @conference { , title = {Can randomized mapping secure instruction caches from side-channel attacks?}, year = {2015}, month = {June 13, 2015}, address = {Portland}, author = {Fangfei Liu;Hao Wu;Ruby B. Lee} } @conference { , title = {Random Fill Cache Architecture}, year = {2014}, month = {December 2014}, pages = {203-215}, address = {Cambridge}, author = {Fangfei Liu;Ruby B. Lee} } @conference { , title = {Security Testing of a Secure Cache Design}, year = {2013}, month = {June 24, 2013}, author = {Fangfei Liu and Ruby B. Lee} } @article { , title = {Adaptive and Dynamic Network Provisioning with Network Forensics Devices}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2011-005}, year = {2011}, month = {Sept. 
15, 2011}, author = {Fangfei Liu and Ashutosh Dutta and Ruby B. Lee} } @conference { , title = {On-Chip Lookup Tables for Fast Symmetric-Key Encryption}, year = {2005}, month = {July 23-25, 2005}, pages = {356-363}, address = {Samos, Greece}, keywords = {combinational circuits, cryptography, reduced instruction set computing, table lookup}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran05on-chip_cit.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {Fast Parallel Table Lookups to Accelerate Symmetric-Key Cryptography}, year = {2005}, month = {April 4-6, 2005}, pages = {526-531}, address = {Las Vegas, Nevada, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran05fast_with_citation.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {Evaluating Instruction Set Extensions for Fast Arithmetic on Binary Finite Fields}, year = {2004}, month = {Sept. 2004}, pages = {125-136}, address = {Galveston, Texas, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran04evaluating_with_citation.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {Performance Scaling of Cryptography Operations in Servers and Mobile Clients}, year = {2004}, month = {Oct. 2004}, address = {Boston, Massachusetts, USA}, keywords = {network security, algorithms, cryptography, public key}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran04performance_with_citation.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {Runtime Execution Monitoring (REM) to Detect and Prevent Malicious Code Execution}, year = {2004}, month = {Oct. 
11-13, 2004}, pages = {452-457}, address = {San Jose, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran04runtime.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @inbook { , title = {PAX: A Datapath-Scalable Minimalist Cryptographic Processor for Mobile Devices}, booktitle = {Book chapter in Nadia Nedjah and Luiza de Macedo Mourelle eds., Embedded Cryptographic Hardware: Design and Security}, editor = {Nadia Nedjah; Luiza de Macedo Mourelle}, year = {2004}, pages = {19-34}, publisher = {Nova Science Publisher, ISBN: 1-59454-145-0, Chapter 2}, address = {New York}, URL = {https://www.novapublishers.com/catalog/product_info.php?products_id=270}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {Workload Characterization of Elliptic Curve Cryptography and other Network Security Algorithms for Constrained Environments}, year = {2002}, month = {Nov. 2002}, pages = {127-137}, address = {Austin, Texas, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran02workload-presentation-with-reference.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {Performance Impact of Addressing Modes on Encryption Algorithms}, year = {2001}, month = {Sept. 2001}, pages = {542-545}, address = {Austin, Texas, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran01performance-from-proceedings.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {NoHype: Virtualized cloud infrastructure without the virtualization}, year = {2010}, month = {June 19-23 2010}, abstract = {Cloud computing is a disruptive trend that is changing the way we use computers. The key underlying technology in cloud infrastructures is virtualization --- so much so that many consider virtualization to be one of the key features rather than simply an implementation detail. Unfortunately, the use of virtualization is the source of a significant security concern. 
Because multiple virtual machines run on the same server and since the virtualization layer plays a considerable role in the operation of a virtual machine, a malicious party has the opportunity to attack the virtualization layer. A successful attack would give the malicious party control over the all-powerful virtualization layer, potentially compromising the confidentiality and integrity of the software and data of any virtual machine. In this paper we propose removing the virtualization layer, while retaining the key features enabled by virtualization. Our NoHype architecture, named to indicate the removal of the hypervisor, addresses each of the key roles of the virtualization layer: arbitrating access to CPU, memory, and I/O devices, acting as a network device (e.g., Ethernet switch), and managing the starting and stopping of guest virtual machines. Additionally, we show that our NoHype architecture may indeed be ``no hype'' since nearly all of the needed features to realize the NoHype architecture are currently available as hardware extensions to processors and I/O devices.}, author = {Eric Keller;Jakub Szefer;Jennifer Rexford and Ruby B. Lee} } @conference { , title = {Accountability in Hosted Virtual Networks}, year = {2009}, month = {August 2009}, address = {Barcelona, Spain}, author = {Eric Keller and Ruby B. Lee and Jennifer Rexford} } @conference { , title = {TEC-Tree: A Low Cost, Parallelizable Tree for Efficient Defense against Memory Replay Attacks}, year = {2007}, note = {Lecture Notes in Computer Science (LNCS) Volume 4727}, month = {September 2007}, pages = {289-302}, address = {Vienna, Austria}, abstract = {Replay attacks are often the most costly attacks to thwart when dealing with off-chip memory integrity. With a trusted System-on-Chip, the existing countermeasures against replay require a large amount of on-chip memory to provide tamper-proof storage for metadata such as hash values or nonces. 
Tree-based strategies can be deployed to reduce this unacceptable overhead; for example, the well-known Merkle tree technique decreases this overhead to a single hash value. However, it comes at the cost of performance-killing characteristics for embedded systems --- e.g. non-parallelizable hash computations on tree updates. In this paper, we propose an alternative solution: the Tamper-Evident Counter Tree (TEC-Tree). It allows for tamper-evident off-chip storage of the nonces involved in a replay countermeasure; TEC-Tree parallelizes the computations involved in both the authentication and tree update processes. Moreover, because our tree relies on block encryption, it provides data confidentiality at no extra cost. TEC-Tree is a deployable solution for memory integrity, with low performance hit and hardware cost.}, author = {Elbaz, Reouven and Champagne, David and Lee, Ruby B. and Torres, Lionel and Sassatelli, Gilles and Guillemin, Pierre} } @article { , title = {TEC-Tree: A Low Cost and Parallelizable Tree for Efficient Defense against Memory Replay Attacks}, year = {2007}, month = {March 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-002}, author = {Elbaz, Reouven and Champagne, David and Lee, Ruby B.} } @conference { , title = {Characterizing Hypervisor Vulnerabilities in Cloud Computing Servers}, year = {2013}, month = {May 2013}, author = {Diego Perez-Botero and Jakub Szefer and Ruby B. Lee} } @conference { , title = {Scalable Architectural Support for Trusted Software}, year = {2010}, note = {Nominated for Best Paper Award.}, month = {Jan 9-14 2010}, address = {Bangalore, India}, abstract = {We present Bastion, a new hardware-software architecture for protecting security-critical software modules in an untrusted software stack. Our architecture is composed of enhanced microprocessor hardware and enhanced hypervisor software. 
Each trusted software module is provided with a secure, fine-grained memory compartment and its own secure persistent storage area. Bastion is the first architecture to provide direct hardware protection of the hypervisor from both software and physical attacks, before employing the hypervisor to provide the same protection to security-critical OS and application modules. Our implementation demonstrates the feasibility of bypassing an untrusted commodity OS to provide application security and shows better security with higher performance when compared to the Trusted Platform Module (TPM), the current industry state-of-the-art security chip. We provide a proof-of-concept implementation on the OpenSPARC platform. }, author = {David Champagne and Ruby B. Lee} } @inbook { , title = {Key management in wireless ad hoc networks}, booktitle = {Theoretical Aspects of Distributed Computing in Sensor Networks}, year = {2010}, abstract = {Full citation: D. Xu, J. Dwoskin, J. Huang, T. Lan, R. B. Lee, and M. Chiang, ``Key management in wireless ad hoc networks'', Theoretical Aspects of Distributed Computing in Sensor Networks, Ed., S. Nikoletseas and J. Rolim, Springer, November 2010.}, author = {D. Xu and J. Dwoskin and J. Huang and T. Lan and R. B. Lee and M. Chiang} } @conference { , title = {Processor-based Tailored Attestation}, year = {2010}, author = {David Champagne and Ruby B. Lee} } @misc { , title = {Bastion_rl}, year = {2010}, author = {David Champagne and Ruby Lee} } @conference { , title = {Forward-Secure Content Distribution to Reconfigurable Hardware}, year = {2008}, month = {December 2008}, author = {David Champagne and Reouven Elbaz and Ruby B. Lee} } @conference { , title = {The Reduced Address Space for Application Memory Authentication}, year = {2008}, month = {September 2008}, author = {David Champagne and Reouven Elbaz and Ruby B. 
Lee} } @conference { , title = {Hardware-rooted Trust for Secure Key Management and Transient Trust}, year = {2007}, month = {October 2007}, pages = {389-400}, address = {Alexandria, VA}, abstract = {

We propose minimalist new hardware additions to a microprocessor chip that protect cryptographic keys in portable computing devices which are used in the field but owned by a central authority. Our authority-mode architecture has trust rooted in two critical secrets: a Device Root Key and a Storage Root Hash, initialized in the device by the trusted authority. Our architecture protects trusted software, bound to the device, which can use the root secrets to protect other sensitive information for many different usage scenarios. We describe a detailed usage scenario for crisis response, where first responders are given transient access to third-party sensitive information which can be securely accessed during a crisis and reliably revoked after the crisis is over.

We leverage the Concealed Execution Mode of our earlier user-mode SP (Secret-Protecting) architecture to protect trusted code and its execution [1]. We call our new architecture authority-mode SP since it shares the same architectural lineage and the goal of minimalist hardware roots of trust. However, we completely change the key management hardware and software to enable new remote trust mechanisms that user-mode SP cannot support. In our new architecture, trust is built on top of the shared root key which binds together the secrets, policy and trusted software on the device. As a result, the authority-mode SP architecture can be used to provide significant new functionality including transient access to secrets with reliable revocation mechanisms, controlled transitive support for policy-controlled secrets belonging to different organizations, and remote attestation and secure communications with the authority.}, author = {Dwoskin, Jeffrey and Lee, Ruby B.} } @conference { , title = {Secure Key Management Architecture Against Sensor-node Fabrication Attacks}, year = {2007}, month = {November 2007}, address = {Washington, DC}, abstract = {Abstract---In lightweight mobile ad hoc networks, both probabilistic and deterministic key management schemes are fragile to node fabrication attacks. Our simulation results show that the Successful Attack Probability (SAP) can be as high as 42.6% with the fabrication of only 6 copies from captured nodes comprising only 3% of all nodes. In this paper, we propose two low-cost secure-architecture-based techniques to improve the security against such node fabrication attacks. Our new architectures, specifically targeted at the sensor-node platform, protect long-term keys using a root of trust embedded in the hardware System-on-a-Chip (SoC). This prevents an adversary from extracting these protected long-term keys from a captured node to fabricate new nodes. 
The extensive simulation results show that the proposed architecture can significantly decrease the SAP and increase the security level of key management for mobile ad hoc networks.}, author = {Dwoskin, Jeffrey and Xu, Dahai and Huang, Jianwei and Chiang, Mung and Lee, Ruby B.} } @article { , title = {SP Processor Architecture Reference Manual}, year = {2007}, note = {Version 0.7}, month = {11/21/2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-009}, author = {Dwoskin, Jeff and Lee, Ruby B.} } @conference { , title = {Scoping Security Issues for Interactive Grids}, year = {2003}, month = {Nov. 2003}, pages = {367-373}, address = {Pacific Grove, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/dwoskin03scoping.pdf}, author = {Dwoskin, Jeffrey and Basu, Sujoy and Talwar, Vanish and Kumar, Raj and Kitson, Fred and Lee, Ruby B.} } @conference { , title = {Hardware-Assisted Application-Level Access Control}, year = {2009}, month = {September 2009}, address = {Pisa, Italy}, abstract = {Applications typically rely on the operating system to enforce access control policies such as MAC, DAC, or other policies. However, in the face of a compromised operating system, such protection mechanisms may be ineffective. Since security-sensitive applications are most motivated to maintain access control to their secret or sensitive information, and have no control over the operating system, it is desirable to provide mechanisms to enable applications to protect information with application-specific policies, in spite of a compromised operating system. In this paper, we enable application-level access control and information sharing with direct hardware support and protection, bypassing the dependency on the operating system. 
We analyze an originator-controlled information sharing policy (ORCON), where the content creator speci- es who has access to the le created and maintains this control after the le has been distributed. We show that this policy can be enforced by the software-hardware mechanisms provided by the Secret Protection (SP) architecture, where a Trusted Software Module (TSM) is directly protected by SP's hardware features. We develop a proof-of-concept text editor application which contains such a TSM. This TSM can imple- ment many di erent policies, not just the originator-controlled policy that we have de ned. We also propose a general methodology for trust- partitioning an application into security-critical and non-critical parts.}, author = {Chen, Yu-Yuan and Lee, Ruby B.} } @conference { , title = {Tuning Instruction Customisation for Reconfigurable System-on-Chip}, year = {2009}, month = {Sept. 9-11, 2009}, abstract = {This paper describes four techniques for tuning instruction customisation for reconfigurable SoC devices. The proposed approach has been used in deriving custom instructions for advanced bit manipulation applications for the Xilinx MicroBlaze processor. We show that for a transfer coding application, a custom instruction with an increase of 13% in area can result in performance improvement of over 33 times.}, author = {Chun Hok Ho and Wayne Luk and Jakub M. Szefer and Ruby B. Lee} } @conference { , title = {Impact of Dynamic Binary Translators on Security}, year = {2008}, month = {21/06/2008}, address = {Beijing, China}, abstract = {Dynamic Binary Translators (DBTs) allow programs written for a specific platform to be run on other platforms without the need for recompilation. They allow legacy software to be run on newer hardware architectures, they can perform dynamic optimization of software, and virtualization. Other benefits include providing enhanced security by dynamically adding checking code around possible software security vulnerabilities. 
However, before this is even considered, there are two aspects of DBTs that must first be addressed. First, are software protections provided by the application preserved under the runtime translation and optimizations done by a DBT? Will they be optimized out? We study a range of software protection techniques including Stackshield, Propolice and Stackguard, Libsafe, address space randomization, checksumming, watermarking, system call sandboxing, authenticated system calls, code obsfucation and morphing, anti-debugging, instruction-set randomization, and proof carrying code. Second, how is the DBT itself protected? How is its code cache protected? Without adequate protection, a DBT can be exploited by an attacker to cause disastrous system consequences. We propose three solutions. One solution adds a small set of hardware features to the microprocessor, as defined by the Secret Protection (SP) architecture, to protect the DBT and its code cache.}, author = {Chen, Yu-Yuan and Wu, Youfeng and Hu, Shiliang and Lee, Ruby B.} } @article { , title = {Dynamic Integrity Trees for Deployable Memory Authentication}, year = {2007}, month = {November 2007}, address = {Department of Electrical Engineering Technical Report CE-L2007-013}, author = {Champagne, David and Elbaz, Reouven and Lee, Ruby B.} } @article { , title = {Memory Integrity for Secure Computing Platforms}, year = {2007}, month = {June 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-003}, author = {Champagne, David and Lee, Ruby B.} } @conference { , title = {Scope of DDoS Countermeasures: Taxonomy of Proposed Solutions and Design Goals for Real-World Deployment}, year = {2006}, month = {November 2006}, abstract = {Distributed Denial of Service (DDoS) attacks have been plaguing the Internet for several years. 
They cause economic losses due to the unavailability of services and potentially serious security problems due to incapacitation of critical infrastructures. Such severe implications lead the research community to strive to find DDoS countermeasures. In spite of all the ideas that have been developed, a practical and comprehensive defense system has yet to be deployed Internetwide. Through a novel taxonomy, this paper classifies and describes DDoS countermeasures developed by industry and academia. To our knowledge, our taxonomy is the first to unify such a large body of work into a single, detailed classification. Based on the analysis of these ideas, we then introduce design goals and principles that can guide the development of a practical DDoS solution.}, keywords = {DDoS Countermeasures, Design Goals, Distributed Denial of Service (DDoS), Taxonomy.}, URL = {http://palms.ee.princeton.edu/PALMSopen/champagne06DDoS.pdf}, author = {Champagne, David and Lee, Ruby B.} } @conference { , title = {A 32kB Secure Cache Memory with Dynamic Replacement Mapping in 65nm bulk CMOS}, year = {2015}, month = {November 2015}, address = {Xiamen, China}, author = {Burak Erbagci and Fangfei Liu and Cagla Cakir and Nail Etkin Can Akkaya and Ruby B. Lee, and Ken Mai} } @conference { , title = {Disruptive Prefetching: Impact on Side-Channel Attacks and Cache Designs}, year = {2015}, month = {May 2015}, address = {Haifa, Israel}, author = {Adi Fuchs;Ruby B. Lee} }