University-affiliated research lab defends America from hackers with Google Cloud & SADA

In recent times, cybersecurity has come to the forefront. The headlines on any given day reflect the ongoing threat of hackers, nation-state actors and organized crime to exploit any computer vulnerabilities that can give them an economic or strategic advantage. For example, by attacking a petroleum pipeline with ransomware, upward of 45 million Americans now have to live with the spectre of gasoline shortages and rising prices. Not only is this an attack on infrastructure but also on Americans’ peace of mind and freedom to come and go.

We needed to create a cloud environment to enable AISS to address the four critical areas of silicon security. The cloud platform will have to support hundreds or more virtual machines and associated storage to run AISS experiments quickly in parallel. Running the experiments is where Google Cloud Platform (GCP) comes in. GCP enables us to run 50 experiments, aggregate them and present them to the user with a recommendation for which security configuration best matches their constraints.

 Warren Savage | Visiting Researcher at ARLIS

The freedom of a democratic people has always required that the government provide a vigilant defense. Those not prepared to defend their freedom have often been vulnerable to threats. And now cybersecurity threats even extend to the silicon-chip level. For example, the 2016 DDoS attack by the Mirai botnet was perpetrated by hacked IoT devices, which mostly consist of microchips running embedded code. 

To combat the cyberthreat to computer chips, the Defense Advanced Research Projects Agency (DARPA), a US Department of Defense agency, awarded the Applied Research Laboratory for Intelligence and Security (ARLIS), a University-Affiliated Research Center (UARC) based at the University of Maryland a four-year contract to independently verify and validate the technology to develop secure microchips as part of the Automatic Implementation of Secure Silicon Program (AISS). AISS aims to combat four categories of microchip cybersecurity issues:

• Side-channel attacks (where the hackers eavesdrop on chip communication) 
• Reverse engineering (to steal the chip’s intellectual property)
• Malicious hardware (that causes a chip to leak secrets or stops it from functioning) 
• Supply-chain attacks (to make counterfeit parts or re-mark defective chips and resell them into the supply chain)

To thwart these cyberthreats, the AISS program will help enable the development of secure silicon by government contractors, state research universities (e.g., University of Florida, Texas A&M) and private companies by allowing them to specify security constraints for their chip design. Instead of needing hundreds of experts working on silicon security, AISS will automate the process by presenting a series of virtual “knobs” to a chip designer that they can adjust to match the needs of the final application. 

“If you’re a chip designer, you know what your application is,” said Warren Savage, Visiting Researcher at ARLIS. “For example, suppose you’re making an IP router chip. Or maybe you’re designing something simpler like a smart sprinkler that knows when it’ll rain and if the yard is wet. In the first case, you need high security because confidential data moves through the network, but power isn’t an issue because the router plugs in. For the sprinkler, data security can be low because the value of moisture info to hackers is low but you have to worry about the chip design being stolen.”

With AISS, designers can constrain the chip on a security, power, timing and cost basis. Based on those constraints, AISS will run up dozens of experiments to determine the optimal chip design and present the three best candidates for the application, as an example. 

Business challenge

In some ways, chip design has not changed much since the 1990s. Then, chips were designed on computer workstations. But no on-premises workstation can run all the AISS experiments in a timely fashion. “We needed to create a cloud environment to enable AISS to address the four critical areas of silicon security,” said Savage. “The cloud platform will have to support hundreds  or more virtual machines and associated storage to run AISS experiments quickly in parallel.” 

Still the process of chip design and chip design tools are still very traditional (e.g., on-prem compute farms), and this fact required a cloud architecture that mimicked as much as possible a traditional semiconductor design environment. AISS had to deliver an on-prem look-and-feel but run in the cloud to provide the necessary computing resources and support a widespread group of researchers located all over the world.

The AISS program has 15 major governmental organizations, public research universities and Fortune 500 corporations collaborating together, which creates a unique challenge to develop a cloud computing architecture that would satisfy the operational requirements of all these organizations. All must have access to the cloud environment and be able to freely collaborate but at the same time feel secure that their intellectual property (IP) and other proprietary knowledge is still safe.

“The ARLIS architecture (AISS Cloud) looks like 15 on-prem environments networked together,” said Savage. “That way Organization A can collaborate with Organization B but still maintain security so they can keep their secrets and can cooperate where and when they want to.”

Conceiving the architecture was the easy part, according to Savage. From his point of view, the real challenge is standing up the entire platform but making it look like an on-prem environment, when in reality it all runs in the cloud.

Solution

After initially considering certain cloud providers but determining that they were unfamiliar with the extraordinary level of complexity associated with chip design, Savage engaged the Google Cloud team. “Running the experiments is where Google Cloud Platform (GCP) comes in,” said Savage. “GCP enables us to run 50 experiments, aggregate them and present them to the user with a recommendation for which security configuration best matches their constraints.” 

For phase 2, SADA and Google Cloud will be setting up a Slurm scheduler to support AISS participants on high performance computing. Think of it as a virtual corral of virtual machines, and we’re going to make 100 Google Compute Engines available to users. Then if an AISS user wants to run 50 experiments, they will send all 50 experiments to GCP and Slurm will schedule all those jobs.

Warren Savage | Visiting Researcher at ARLIS

After deciding on GCP, Savage concluded they would need outside help to deploy AISS in the cloud. As a long-time technical expert in the semiconductor industry, Savage has often hired IT specialists and benefited from the environments they’ve set up. But he felt for a project at the scale of AISS he had to have a cloud computing expert.

“After creating the cloud architecture specification necessary for AISS, I felt very strongly that I must bring in a consultant to handle the actual implementation,” said Savage. “I was not at all confident that my team and I could handle this on our own. That’s when Google Cloud introduced me to SADA.”

For phase 1 of the AISS project, SADA helped stand up 15 private subnets for the participating organizations to perform their work. SADA also set up login server access to shared application services such as EDA tools and source code management repositories. To ensure the security of all the participants, only uploading was enabled to AISS, but no downloading. Per that requirement, SADA implemented a virtual desktop infrastructure (VDI) that lets researchers work on their own in the AISS cloud without needing to have the data on a local machine.

“With VDI, you can get into the AISS cloud environment, but the only thing we allow people to do is upload,” said Savage. “The technology involved from the participating research organizations is worth millions of dollars, and we don’t want anything highly valuable to leak out. By locking AISS down, everybody on the project can work with the technology knowing there’s no chance it will escape.”

Results

As a result of ARLIS’s collaboration with SADA and GCP, approximately 100 researchers from 15 different government organizations, public universities and private corporations have been successfully onboarded to the AISS platform. They represent all classes of researchers from academic research scientists to seasoned chip designers. Together, they are beginning to collaborate to bring AISS to life.

For phase 2, SADA and Google Cloud will be setting up a Slurm scheduler to support AISS participants on high performance computing. “Think of it as a virtual corral of virtual machines, and we’re going to make 100 Google Compute Engines available to users,” said Savage. “Then if an AISS user wants to run 50 experiments, they will send all 50 experiments to GCP and Slurm will schedule all those jobs.”

Also, Google Cloud Compute Engine will enable AISS researchers to begin working in earnest on the four categories of silicon cyberthreats, especially supply-chain attacks.

“As AISS shifts into phase 2, its implications for national security and security of the semiconductor supply chain will come into clearer focus,” said Savage. “AISS has the potential to make a major impact on the way we secure computer chips for the American consumer by preventing or significantly mitigating the hacking of devices. And as we’ve seen in recent times, whether it’s our personal mobile phones, internet-connected petroleum pipelines or the smart electrical grid, hacking at the silicon level poses a real threat that we must all address.”

In summary, ARLIS benefited from working with SADA and Google Cloud by:

• Standing up 15 individual, interconnected GCP projects with an on-prem look-and-feel
• Successfully onboarding over 100 silicon security researchers across 15 high-profile public and private organizations
• Laying the groundwork for high-performance computing in phase 2 of the AISS project

Approved for public release: distribution unlimited.