Computer Engineering Researcher Focuses on Designing Secure Architectures

Focused on developing computer architectures that are “secure by design” as well as high performing and energy efficient, UCF Assistant Professor Amro Awad and his research team have developed novel technologies to help prepare against cybersecurity attacks and security vulnerabilities. Awad joined UCF in 2017 after working as a senior staff member at Sandia National Labs in Albuquerque, New Mexico. He received his Ph.D. in computer engineering from North Carolina State University in 2016.

“Most attacks are targeted toward software and the system-level layer,” said Awad. “But we have started to see attackers or some vulnerabilities at the hardware level.” He referred to Meltdown and Spectre, which are security vulnerabilities that industry and university researchers found in virtually all of the microprocessors made today. The vulnerabilities allow malicious programs to steal sensitive data, such as passwords, personal information, and business-critical documents from devices, including smartphones, personal computers, tablets and cloud servers.

“This has left millions of customers around the world with two options: to implement expensive patches that incur high overhead or leave their systems nonsecure,” he said.

“So this is a good time for us to start rethinking and designing current hardware architectures for emerging technologies and next-generation computing systems,” he said. “We want to make sure that we are building in security features at design time so that we don’t end up with ad-hoc solutions that cause customers either data leakage or significant performance penalties.”

Improving the recovery time and availability of non-volatile memory systems

Awad worked with Ph.D. student Kazi Abu Zubair to develop a secure memory controller system that significantly reduces the recovery time and overhead associated with NVM-equipped systems. According to Awad, emerging non-volatile memory (NVM) technologies provide almost 1000 times more capacity than traditional computer storage systems and retain data after a system crash caused by application failures or power loss. However, the recovery time for NVMs is slow. “NVMs can have terabytes of memory data and hundreds of gigabytes of metadata, and if an NVM module is secure and has confidentiality and integrity protection, it can take hours to recover,” he said.

“So if my power goes out, the NVM retains data, and I can reboot my system and restore the data. But I want the system to start as soon as possible,” Awad said. “That’s important for high availability systems and systems where they cannot afford to wait for hours until the system is up.” Examples of such systems are those in hospitals and data centers. To resolve the problem, the team focused on making current secure memory implementations more scalable in terms of recovery time for rebuilding security metadata. “What we did was reduce the recovery time from around eight hours to less than one second and with very minimal performance overhead.”

For more information about the invention and the research behind it, read the technology sheet.

Encrypting, restoring and auditing secure persistent memory

Two other technologies that Awad developed in this research area provide low-cost mechanisms for managing secure persistent memory in systems, such as those that use NVM devices.

One of the technologies is a new mechanism that allows the recovery of security metadata from NVMs without aggressively updating them in memory during a computer system’s regular operation or runtime. Awad and Ph.D. student Mao Ye developed the mechanism so that it also does not require an external/internal backup battery to restore and recover secure persistent memory.

Awad noted that after a system crash, an NVM can retain the data in memory. Still, if the associated metadata is not up-to-date, the data is not recoverable. He explained that computer systems use a lot of security metadata to protect a system’s data and memory. Yet running frequent updates is expensive in many aspects, like performance, write endurance, lifetime of the system, and power.

“The main goal of the work was to determine how to recover this metadata without excessively writing it to memory during runtime and ensure that it’s up-to-date.” With that, the system could achieve crash consistency, wherein the data, memory, and security metadata are at a stable point so that the system can start up safely and securely.

“What we found is that we could uniquely mix some of the current support for error correction codes that are actually part of the memory system. This allowed us to recover the security metadata and securely predict the state of the security metadata just before the crash occurred,” he said.

The other technology that Awad developed is a mechanism that supports the ability to access NVM-resident files directly without sacrificing the security provided by encryption and auditing. With this invention, Awad focused on a way to enable low overhead by minimizing interaction with the operating system. “We didn’t want to involve the operating system in every read or write operation, because that would simply burden the performance of these NVM devices,” Awad said. “With these very fast emerging NVM devices, the software layer overhead becomes a bottleneck.”

For more information about the inventions and the research behind them, read the technology sheet.

Technology Available for License

To learn more about Awad’s work and additional potential licensing or sponsored research opportunities, contact Raju Nagaiah at 407.882.0593.

By Kathleen Snoeblen