🛡️ Lessons 9-10. Hardware Vulnerabilities and Microarchitecture

🎯 Lesson Goals and Objectives

Educational goals:

  • Study the architecture of modern processors and how they work
  • Learn the classification of hardware vulnerabilities and the mechanisms by which they are exploited
  • Understand the relationship between performance optimization and security
  • Study modern hardware-level protection methods

Developmental objectives:

  • Develop systems thinking for analysing multi-layered architectures
  • Build low-level analysis and reverse engineering skills
  • Develop an understanding of the trade-offs between performance and security
  • Learn to assess the security implications of architectural decisions

Character-building objectives:

  • Foster a responsible attitude toward fundamental security principles
  • Build an understanding of why security-by-design matters at every level
  • Develop critical thinking about “black boxes” in technology

📚 Lesson 9 Structure: “Modern Microarchitecture: From Performance to Vulnerabilities”

🚀 Motivation Block (12 min)

Demonstration: “The Impossible Leak”

Experimental setup:

  • Two virtual containers on one physical machine
  • The first container holds “secret data” (a plain text file)
  • The second container is the “attacker”, with no access to the first
  • Question for the students: “Can the second container obtain data from the first?”

Students' initial hypotheses: “No, impossible: containers are isolated”

Shock demonstration: live execution of a simple Spectre PoC that shows the data leaking

Problematization:

  • “How is this possible if the operating system guarantees isolation?”
  • “What happens at the level below the OS?”
  • “Is any system secure if the processor itself has vulnerabilities?”

📖 Main Material (25 min)

Block 1: Evolution of Processor Architectures and Sources of Vulnerabilities (8 min)

Historical perspective on performance vs security:

1970-1990: Simplicity and predictability

  • In-order execution
  • Simple cache systems
  • Minimal optimizations
  • Security = “what you see is what you get”

1990-2010: The race for performance

  • Out-of-order execution
  • Speculative execution
  • Complex cache hierarchies
  • Branch prediction
  • Security took a back seat

2010-2025: Recognizing the problems

  • Meltdown/Spectre (2018) as a wake-up call
  • Security-aware design principles
  • Hardware security features
  • But legacy problems remain

The fundamental conflict:

PERFORMANCE   ⟷   SECURITY
     ↑                ↑
Speculation       Isolation
Caching           Information Flow Control
Parallelism       Timing Consistency
Optimization      Predictability

Key architectural features of modern CPUs:

Speculative Execution:

  • Principle: executing instructions before it is known whether they are needed
  • Goal: hiding the latency of memory operations
  • Problem: side effects remain even from “cancelled” operations
  • Example: branch prediction + speculative loads

Out-of-Order Execution:

  • Principle: reordering instructions for better throughput
  • Goal: maximum utilization of execution units
  • Problem: the program's security model is violated
  • Example: load/store reordering

Cache Hierarchies:

  • L1/L2/L3 caches with different characteristics
  • Cache coherency protocols between cores
  • Timing side channels through cache behavior
  • Shared resources as a source of information leakage

Interactive visualization: diagram of a modern CPU with the “problem zones” highlighted

Block 2: Classification of Hardware Vulnerabilities (10 min)

Taxonomy of hardware vulnerabilities:

1. Microarchitectural Side Channels

Cache-based attacks:

  • Prime+Probe: fill the cache, wait, check for eviction
  • Flush+Reload: force a line out, wait, check whether it was reloaded
  • Evict+Time: evict through set conflicts, measure access time

Timing-based attacks:

  • Memory access timing: differences from DRAM refresh and row buffer hits
  • Instruction timing: differences in execution time between operations
  • Network timing: inference through network latency patterns

Power/EM analysis:

  • Simple Power Analysis (SPA): direct correlation of power traces with operations
  • Differential Power Analysis (DPA): statistical analysis of power consumption
  • Electromagnetic analysis: EM emanations from switching circuits

2. Transient Execution Vulnerabilities

Spectre family (CVE-2017-5753, CVE-2017-5715):

  • Variant 1 (Bounds Check Bypass): bypassing bounds checks through speculation
  • Variant 2 (Branch Target Injection): manipulating the branch predictor
  • Variant 3 (Rogue Data Cache Load): speculative loading of privileged data
  • Post-Spectre variants: SpectreRSB, SpectreNG, Foreshadow, etc.

Meltdown family (CVE-2017-5754):

  • Rogue Data Cache Load: reading kernel memory from user space
  • Foreshadow (L1TF): L1 Terminal Fault attacks
  • MDS (Microarchitectural Data Sampling): RIDL, Fallout, ZombieLoad

Store-to-Load Forwarding:

  • CrossTalk: inference through shared execution units
  • Load Value Injection: manipulating forwarded values

3. Physical Access Vulnerabilities

Hardware implants:

  • Supply chain attacks: malicious modifications during manufacturing
  • Evil maid attacks: physical modification of deployed devices
  • Hardware trojans: hidden circuits in legitimate chips

Side channel analysis:

  • Fault injection: glitching power/clock signals
  • Cold boot attacks: recovering encryption keys from RAM
  • Row hammer: inducing bit flips through repeated memory access

Practical task: analysis of the CVE database for recent hardware vulnerabilities

Block 3: Deep Dive into Spectre/Meltdown (7 min)

Spectre Variant 1: Bounds Check Bypass

Vulnerable code pattern:

// x is attacker-controlled; the bounds check is a branch, so the CPU may
// speculatively execute the body even when x >= array1_size
if (x < array1_size) {
    y = array2[array1[x] * 512];  // Speculative execution!
}

Attack mechanism:

  1. Training phase: train the branch predictor with “valid” values of x
  2. Attack phase: supply a malicious x ≥ array1_size
  3. Speculation: the processor speculatively performs the load despite the out-of-bounds index
  4. Side channel: the cache state reveals the value of array1[x]
  5. Recovery: use cache timing to extract the data

Why it works:

  • The branch predictor predicts “x < array1_size” as true
  • Speculative execution loads array1[x] before the bounds check resolves
  • A cache line of array2 is loaded based on the value of array1[x]
  • Even after the speculation is rolled back, the cache state persists

Meltdown: Kernel Memory Reading

Violation of a fundamental assumption:

  • Assumption: user-space code cannot read kernel memory
  • Reality: speculative execution ignores privilege checks

Attack flow:

  1. Speculative load: attempt to read a kernel address
  2. Exception: an access violation exception is raised (but asynchronously!)
  3. Side effect: the cache state is changed before the exception is handled
  4. Information extraction: cache timing reveals the data that was read

Microarchitectural details:

  • Exception handling happens in the retirement stage
  • The cache access happens in the execution stage
  • There is a timing gap between execution and retirement

Countermeasures and their limitations:

Software mitigations:

  • Kernel Page Table Isolation (KPTI): separate page tables for user and kernel
  • Retpoline: prevents indirect branch speculation
  • Array index masking: explicit bounds checking
  • Performance impact: 5-30% degradation
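As an added example (not code from the lesson), here is the Spectre Variant 1 pattern from Block 3 next to an index-masked version of the kind the Linux kernel applies with array_index_nospec(). The arrays, sizes, fixture values and helper names are constructed for this demonstration, and the mask assumes the compiler does not turn the comparison back into a branch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed data for the demonstration: a small bounds-checked array and the
 * large "probe" array whose cache lines would encode the leaked byte. */
#define ARRAY1_SIZE 16
static uint8_t array1[ARRAY1_SIZE];
static uint8_t array2[256 * 512];
static size_t array1_size = ARRAY1_SIZE;

/* Branch-free mask: SIZE_MAX when index < size, 0 otherwise. This is the idea
 * behind the Linux kernel's array_index_mask_nospec(): the clamp is pure
 * arithmetic, so there is no second branch for the predictor to guess.
 * Assumption: the compiler keeps it branch-free (the kernel pins this down
 * with inline assembly; plain C gives no such guarantee). */
static inline size_t index_mask_nospec(size_t index, size_t size) {
    return 0 - (size_t)(index < size);
}

/* The index the gadget body would use if it ran. Calling it with an
 * out-of-range x models the speculative window: the predictor guessed
 * "taken" and the body executes before the comparison resolves. Unmasked,
 * the load reaches array1[x] for any x; masked, the index is clamped to 0
 * whenever x >= size, so speculation cannot read outside array1. */
size_t body_index(size_t x, size_t size, int use_mask) {
    return use_mask ? (x & index_mask_nospec(x, size)) : x;
}

/* The lesson's vulnerable pattern: the branch is the only protection. */
uint8_t victim_unmasked(size_t x) {
    uint8_t y = 0;
    if (x < array1_size) {
        y = array2[array1[x] * 512];  /* load with attacker-chosen x */
    }
    return y;
}

/* Hardened pattern: same check, but the load uses the masked index, so even
 * a mispredicted branch reads array1[0] rather than array1[x]. Architecturally
 * safe_x == x, because the check has already passed. */
uint8_t victim_masked(size_t x) {
    uint8_t y = 0;
    if (x < array1_size) {
        size_t safe_x = body_index(x, array1_size, 1);
        y = array2[array1[safe_x] * 512];
    }
    return y;
}

/* Constructed fixture so the lookups return a recognisable value: array1[3]
 * holds 7, and the array2 line selected by 7 holds 42. */
uint8_t fixture_lookup(size_t x, int use_mask) {
    array1[3] = 7;
    array2[7 * 512] = 42;
    return use_mask ? victim_masked(x) : victim_unmasked(x);
}

int main(void) {
    printf("architectural result for x=3: unmasked=%u masked=%u\n",
           (unsigned)fixture_lookup(3, 0), (unsigned)fixture_lookup(3, 1));
    printf("index used if the body runs with x=1000: unmasked=%zu masked=%zu\n",
           body_index(1000, array1_size, 0), body_index(1000, array1_size, 1));
    return 0;
}
```

Both versions return the same architectural result; the difference is only visible in the index the body would use during misspeculation, which is what body_index() exposes.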

Hardware mitigations:

  • Intel CET (Control-flow Enforcement Technology)
  • ARM Pointer Authentication
  • Enhanced IBRS (Indirect Branch Restricted Speculation)
  • Microcode updates: but not a complete solution

Fundamental limitations:

  • Speculative execution cannot be eliminated entirely
  • The trade-off between performance and security remains
  • New variants keep appearing

🔍 Practical Work (10 min)

Lab: “Hardware Vulnerability Analysis”

Task: analyse and classify real-world hardware vulnerabilities

Materials:

  • A set of recent CVE descriptions (2023-2025)
  • Simplified PoC code samples
  • Microarchitectural diagrams of modern CPUs

Group work (3-4 people):

Group 1: Intel vulnerabilities

  • Analyse 3-4 recent Intel CVEs
  • Classify them according to the taxonomy
  • Assess impact and exploitability
  • Analyse the available mitigations

Group 2: ARM vulnerabilities

  • Analyse ARM-specific vulnerabilities
  • Compare with Intel's approaches
  • Mobile device implications
  • IoT security considerations

Group 3: AMD vulnerabilities

  • AMD-specific architectural features
  • Comparative analysis with Intel
  • Server/datacenter implications
  • Virtualization security impact

Group 4: Emerging architectures

  • RISC-V security considerations
  • Apple Silicon security features
  • Quantum computing implications
  • Future architecture trends

Deliverables (2 min per group):

  • Vulnerability classification matrix
  • Risk assessment for different scenarios
  • Mitigation strategy recommendations
  • Prediction of future attack vectors

📝 Consolidation and Transition (8 min)

  • Presentation of group results
  • Cross-group questions and discussion
  • Synthesis of common patterns across architectures
  • Setup for the next lesson: “How do these vulnerabilities affect operating systems?”

📚 Lesson 10 Structure: “Defensive Mechanisms and Future-Proofing Architectures”

🎬 Knowledge Activation (8 min)

Interactive game “Attack vs Defense”

Format: two-team competition

  • Red team: presents a new hardware attack vector
  • Blue team: proposes defensive countermeasures
  • Constraint: every protective measure must account for its performance impact

Rounds:

  1. Cache-based side channel → cache partitioning solutions
  2. Speculative execution → speculation control mechanisms
  3. Physical access → hardware security modules
  4. Supply chain → trust verification methods

Evaluation: creativity, technical feasibility, cost-effectiveness

📖 Main Material (28 min)

Block 1: Hardware-Level Defensive Mechanisms (12 min)

Architectural principles of secure design:

Principle of Least Privilege at the hardware level:

  • Hardware privilege rings: User/Supervisor/Hypervisor modes
  • Memory protection units: MMU, SMMU for DMA protection
  • Execution privilege controls: execute-only memory, W^X enforcement
  • Resource access controls: hardware-enforced quotas and limits

Defense in Depth strategy:

  • Multiple security boundaries: each level provides some protection
  • Redundant protections: the failure of one mechanism does not compromise the whole system
  • Diverse techniques: different approaches to the same security goal

Modern CPU security features:

Intel Security Technologies:

Intel MPX (Memory Protection Extensions)

  • Bounds checking: hardware-accelerated pointer bounds verification
  • Automatic bounds tracking: compiler-generated bounds tables
  • Performance overhead: minimal compared to software solutions
  • Status: deprecated in newer processors (complexity issues)

Intel CET (Control-flow Enforcement Technology)

  • Shadow stack: hardware-maintained return address stack
  • Indirect branch tracking: CFI for indirect calls/jumps
  • ROP/JOP mitigation: prevents return- and jump-oriented programming
  • Adoption status: gradually rolling out in enterprise processors

Intel TME/MKTME (Total Memory Encryption)

  • Full memory encryption: transparent encryption of all system memory
  • Multi-key support: different keys for different security domains
  • Performance: hardware acceleration minimizes the overhead
  • Use cases: protection against physical memory attacks

ARM Security Features:

ARM TrustZone

  • Secure/Non-secure worlds: hardware-enforced separation
  • Secure monitor: trusted code managing world switches
  • Peripheral protection: devices can be assigned to the secure world
  • Use cases: mobile payments, DRM, secure boot

ARM Pointer Authentication

  • Cryptographic signatures: for return addresses and function pointers
  • Hardware key generation: per-process cryptographic keys
  • ROP/JOP prevention: invalid signatures trigger exceptions
  • Performance: minimal overhead for pointer operations

ARM Memory Tagging Extension (MTE)

  • Tag-based memory safety: 4-bit tags for memory regions
  • Automatic tag checking: hardware validates that tags match
  • Use-after-free detection: temporal safety violations
  • Buffer overflow detection: spatial safety violations

Common x86/ARM trends:

Hardware-assisted virtualization security:

  • Intel VT-d/ARM SMMU: DMA protection and IOMMU
  • SLAT (Second Level Address Translation): nested page tables
  • Hardware VM isolation: preventing cross-VM attacks
  • Hypervisor-protected code integrity

Confidential computing platforms:

  • Intel SGX (Software Guard Extensions): secure enclaves
  • AMD Memory Guard: SME/SEV technologies
  • ARM Confidential Compute Architecture (CCA)
  • Use cases: protecting data in untrusted cloud environments

Block 2: Emerging Defensive Technologies (8 min)

Next-generation hardware security:

Post-quantum cryptography support:

  • Hardware acceleration: for lattice-based and hash-based algorithms
  • Quantum-safe RNG: enhanced entropy sources
  • Crypto agility: support for multiple quantum-resistant algorithms
  • Migration strategies: away from current RSA/ECC systems

AI-enhanced security:

  • Behavioral anomaly detection: hardware-level monitoring of unusual patterns
  • Adaptive defenses: dynamic adjustment of security parameters
  • Predictive threat modeling: anticipating attack vectors
  • Real-time analysis: low-latency decision making

Zero-trust hardware architectures:

  • Continuous verification: every operation requires authentication
  • Micro-segmentation: hardware-enforced network isolation
  • Identity-centric security: hardware-bound device identities
  • Policy enforcement points: hardware-level access control

Software-hardware co-design approaches:

Compiler-assisted security:

  • Hardware feature utilization: automatic use of security extensions
  • Performance optimization: balancing security and speed
  • Bug detection: static analysis with hardware capability awareness
  • Security annotation: programmer hints for security-critical code

Operating system integration:

  • Hardware abstraction layers: secure APIs for accessing security features
  • Privilege management: OS-level policy enforcement with hardware backing
  • Resource virtualization: secure sharing of hardware security resources
  • Update mechanisms: coordinated software/firmware/microcode updates

Block 3: Future Threats and Defensive Strategies (8 min)

Emerging threat vectors:

Quantum computing threats:

  • Cryptographic vulnerabilities: RSA/ECC breaking capabilities
  • Timeline considerations: NISQ era vs fault-tolerant quantum computers
  • Hybrid attacks: combinations of classical and quantum algorithms
  • Preparation strategies: crypto-agility and migration planning

AI-powered attacks:

  • Automated vulnerability discovery: ML-guided fuzzing and reverse engineering
  • Adversarial ML: attacks on AI-enhanced security systems
  • Social engineering automation: personalized attack campaigns
  • Defense strategies: adversarial training, robust ML systems

Supply chain security evolution:

  • Nation-state threats: sophisticated insertion of malicious hardware
  • Third-party risks: compromised development tools and libraries
  • Verification challenges: detecting subtle hardware modifications
  • Mitigation approaches: trusted foundries, formal verification, runtime attestation

Future-proofing strategies:

Adaptive security architectures:

  • Reconfigurable hardware: FPGA-based security functions
  • Updateable firmware: secure over-the-air updates
  • Modular designs: plug-and-play security components
  • Graceful degradation: maintaining security despite component failures

Security-by-design principles:

  • Threat modeling integration: security analysis in all design phases
  • Formal verification: mathematical proofs of security properties
  • Security metrics: quantitative assessment of security effectiveness
  • Continuous monitoring: real-time security posture assessment

International cooperation requirements:

  • Standards development: IEEE, ISO, NIST collaboration
  • Threat intelligence sharing: coordinated response to emerging threats
  • Research cooperation: academic-industry-government partnerships
  • Regulatory harmonization: consistent security requirements globally

Practical implications for developers:

Secure coding practices:

  • Hardware-aware programming: understanding the underlying security model
  • Side-channel resistance: coding techniques that minimize information leakage
  • Performance-security trade-offs: informed decisions about security overhead
  • Testing methodologies: security testing on hardware platforms
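As an added example (not from the lesson) of the instruction-timing channel from Block 2 and the side-channel-resistant coding called for here, the following compares an early-exit byte comparison with a constant-time one. The secret, the guess construction and the function names are all constructed for this demonstration; a loop-iteration count stands in for a real timing measurement.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_LEN 16

/* Constructed secret for the demonstration; not a real key. */
static const uint8_t SECRET[KEY_LEN] = {
    0x3a, 0x91, 0x0c, 0xf7, 0x55, 0x28, 0xb4, 0x6e,
    0x19, 0xd2, 0x83, 0x4b, 0xe0, 0x77, 0xcd, 0x02
};

/* Early-exit comparison. The loop stops at the first mismatch, so the number
 * of iterations (and the time taken) depends on how many leading bytes of the
 * guess are correct. `steps` stands in for the timing an observer would see. */
int compare_leaky(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;
            return 0;
        }
    }
    *steps = n;
    return 1;
}

/* Constant-time comparison: always touches all n bytes, accumulates the
 * differences with OR, and reduces the result without a data-dependent branch.
 * The step count is n regardless of the contents. A production version must
 * also stop the compiler from re-introducing an early exit (for example with
 * volatile accesses); that is not attempted here. */
int compare_ct(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    *steps = n;
    /* (diff | -diff) has bit 7 set exactly when diff != 0 */
    return 1 - (int)(((unsigned)diff | (unsigned)(uint8_t)(0u - diff)) >> 7);
}

/* Build a guess that agrees with SECRET on its first `prefix` bytes and
 * differs on every later byte: the partially correct guess that separates
 * the two comparison functions. */
static void build_guess(uint8_t *guess, size_t prefix) {
    for (size_t i = 0; i < KEY_LEN; i++) {
        guess[i] = (i < prefix) ? SECRET[i] : (uint8_t)(SECRET[i] ^ 0xFF);
    }
}

/* Step count of one comparison against such a guess: the leaky version
 * returns prefix + 1 (the count reveals the prefix length), the constant-time
 * version always returns KEY_LEN. */
size_t steps_for_prefix(size_t prefix, int constant_time) {
    uint8_t guess[KEY_LEN];
    size_t steps = 0;
    if (prefix > KEY_LEN) prefix = KEY_LEN;
    build_guess(guess, prefix);
    if (constant_time) compare_ct(SECRET, guess, KEY_LEN, &steps);
    else compare_leaky(SECRET, guess, KEY_LEN, &steps);
    return steps;
}

/* Result of the comparison itself (1 = match), to show both versions agree. */
int match_for_prefix(size_t prefix, int constant_time) {
    uint8_t guess[KEY_LEN];
    size_t steps = 0;
    if (prefix > KEY_LEN) prefix = KEY_LEN;
    build_guess(guess, prefix);
    return constant_time ? compare_ct(SECRET, guess, KEY_LEN, &steps)
                         : compare_leaky(SECRET, guess, KEY_LEN, &steps);
}

int main(void) {
    for (size_t p = 0; p <= KEY_LEN; p += 4) {
        printf("correct prefix %2zu: leaky steps=%2zu  constant-time steps=%2zu\n",
               p, steps_for_prefix(p, 0), steps_for_prefix(p, 1));
    }
    return 0;
}
```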

System design considerations:

  • Attack surface minimization: reducing exposed functionality
  • Compartmentalization: isolation between system components
  • Fail-safe defaults: secure behavior under error conditions
  • Recovery mechanisms: graceful handling of security violations

🛠️ Practical Work (12 min)

Capstone Exercise: “Secure Processor Design Challenge”

Scenario: you are an architecture team designing a new processor for critical infrastructure applications (power grid control systems).

Requirements:

  • Performance: equivalent to current server-class processors
  • Security: resistant to known hardware attacks
  • Cost: no more than a 20% premium over standard processors
  • Power: suitable for embedded/industrial applications
  • Longevity: 15-year deployment lifecycle

Team Organization (4-5 people per team):

Architecture Team:

  • Design the overall processor architecture
  • Specify execution units and cache hierarchy
  • Define instruction set extensions for security
  • Balance performance vs security trade-offs

Security Team:

  • Identify the threat model for the target applications
  • Specify hardware security features
  • Design countermeasures for known attack classes
  • Plan for future threat evolution

Verification Team:

  • Develop a testing strategy for the security features
  • Design a formal verification approach
  • Plan the security certification process
  • Create the security assurance case

Integration Team:

  • Design software/hardware security interfaces
  • Plan integration with existing software stacks
  • Develop a migration strategy from current systems
  • Create developer documentation and tools

Deliverables (3 min presentation per team):

  1. High-level architecture diagram with security features highlighted
  2. Threat model and countermeasures mapping
  3. Performance/security/cost analysis
  4. Innovation highlights: novel security features
  5. Implementation roadmap: development phases

Evaluation criteria:

  • Technical feasibility and realism
  • Comprehensive threat coverage
  • Innovation in security approaches
  • Clear communication of ideas
  • Team collaboration quality

📊 Final Summary (7 min)

Synthesis and Forward Look

Key takeaways synthesis:

  • Hardware security is foundational to all system security
  • Tensions between performance and security require careful engineering
  • Emerging threats demand proactive defensive strategies
  • Collaboration between hardware and software teams is essential

Connection to broader cybersecurity:

  • Hardware vulnerabilities affect all higher-level security
  • Understanding hardware limitations is crucial for secure system design
  • Future cybersecurity professionals need hardware awareness

Preview of upcoming modules:

  • Operating systems build on hardware security primitives
  • Network security depends on trusted hardware foundations
  • Cryptographic implementations are vulnerable to hardware attacks

🎓 Advanced Pedagogical Approaches

Constructivist Learning Framework:

  • Hands-on experimentation: students build understanding through direct interaction
  • Collaborative knowledge building: peer learning and shared discovery
  • Real-world problem solving: authentic challenges from industry
  • Reflective practice: metacognition about the learning process

Engineering Design Methodology:

  • Requirements analysis: understanding constraints and trade-offs
  • Iterative prototyping: rapid testing of ideas
  • Failure analysis: learning from design shortcomings
  • Professional presentation: communicating technical ideas effectively

Research-Based Learning:

  • Literature reviews: exploring cutting-edge research
  • Hypothesis formation: predicting attack/defense effectiveness
  • Experimental design: testing security mechanisms
  • Peer review process: evaluating classmates’ work

Industry Integration:

  • Guest expert sessions: practicing engineers sharing real experience
  • Case study analysis: learning from actual security incidents
  • Internship preparation: developing industry-relevant skills
  • Professional networking: connections with the cybersecurity community

📈 Competency-Based Assessment System

Formative assessment (65%):

Technical Portfolio (30%):

  • Hardware analysis reports: weekly analysis of new vulnerabilities or technologies
  • Security assessment exercises: evaluating real hardware platforms
  • Design documentation: creating security-focused architecture documents
  • Research summaries: synthesizing current research trends

Collaborative Learning (20%):

  • Peer teaching sessions: explaining complex concepts to classmates
  • Group project contributions: collaborative problem-solving
  • Technical discussions: quality of participation in class discussions
  • Cross-team collaboration: working with different skill sets

Applied Skills Development (15%):

  • Tool proficiency: using hardware analysis tools
  • Programming exercises: low-level, security-relevant coding
  • Simulation work: modeling hardware security scenarios
  • Presentation skills: communicating technical concepts clearly

Summative assessment (35%):

Major Project: “Hardware Security Assessment”. Choose a real hardware platform (processor family, mobile SoC, IoT device, etc.) and conduct a comprehensive security analysis.

Project Phases:

  1. Architecture Analysis (Weeks 1-2):
    • Detailed study of the target hardware architecture
    • Identification of security-relevant features
    • Literature review of known vulnerabilities
    • Threat model development
  2. Vulnerability Assessment (Weeks 3-4):
    • Analysis of known vulnerabilities affecting the platform
    • Evaluation of existing mitigations
    • Assessment of residual risks
    • Identification of potential new attack vectors
  3. Defense Strategy (Weeks 5-6):
    • Design of a comprehensive defense strategy
    • Cost-benefit analysis of proposed countermeasures
    • Implementation feasibility assessment
    • Future-proofing considerations
  4. Professional Deliverable (Week 7):
    • Executive summary for decision-makers
    • Technical report for engineering teams
    • Presentation to the security committee
    • Recommendations for actionable next steps

Assessment Dimensions:

  • Technical depth: accuracy and comprehensiveness of the analysis
  • Critical thinking: quality of insights and original thinking
  • Professional communication: clarity and appropriateness for different audiences
  • Practical relevance: real-world applicability of recommendations
  • Innovation potential: novel approaches or insights

Authentic Assessment Integration:

Industry-Standard Practices:

  • Use professional tools and methodologies
  • Follow established security assessment frameworks
  • Create deliverables matching industry expectations
  • Practice professional communication standards

Real-World Impact:

  • Projects addressing actual security challenges
  • Potential contributions to open-source security tools
  • Collaboration with local technology companies
  • Participation in research community discussions

🏠 Differentiated Learning Paths

Basic level: “Hardware Security Foundations”

Weekly Structure:

  • Monday: concept introduction through guided exploration
  • Wednesday: hands-on practice with simplified scenarios
  • Friday: reflection and peer discussion

Project: “Personal Device Security Audit”. Conduct a security assessment of your own personal device (laptop, phone, tablet):

  • Research its hardware security features
  • Identify potential vulnerabilities
  • Implement the available protections
  • Document findings and recommendations
  • Share what you learned with family/friends

Skills Development:

  • Basic understanding of hardware concepts
  • Ability to research security information
  • Critical evaluation of marketing claims
  • Communicating security concepts to non-experts

Advanced level: “Hardware Security Engineering”

Integration with advanced topics:

  • Formal verification methods for hardware security
  • Practical side-channel analysis techniques
  • Secure hardware design principles
  • Industry collaboration projects

Project: “Secure System Design”. Design a secure system for a specific application domain:

  • Choose a target application (IoT, automotive, medical device, etc.)
  • Analyse the security requirements and threat model
  • Design a hardware architecture meeting the requirements
  • Implement a prototype or a detailed simulation
  • Validate the security properties through testing
  • Create comprehensive documentation

Advanced Skills:

  • System-level security thinking
  • Design trade-off analysis
  • Security validation techniques
  • Professional documentation standards

Research level: “Hardware Security Research”

Research Tracks:

  1. Vulnerability Discovery: finding new classes of hardware vulnerabilities
  2. Defense Innovation: developing novel protection mechanisms
  3. Formal Methods: mathematical approaches to hardware security verification
  4. Emerging Technologies: security implications of new hardware trends

Independent Research Project:

  • Literature Review: comprehensive analysis of current research
  • Original Contribution: novel findings, tools, or methodologies
  • Experimental Validation: empirical testing of research hypotheses
  • Academic Writing: a research paper suitable for conference submission
  • Peer Review: participating in the review process

Research Skills:

  • Independent problem identification
  • Experimental design and execution
  • Statistical analysis and interpretation
  • Academic writing and presentation
  • Professional networking and collaboration

🔗 Ecosystem Integration and Long-Term Impact

Vertical Integration (within the course):

Foundational Knowledge:

  • The principles learned here apply to all subsequent modules
  • Hardware security affects operating systems, networks, and applications
  • Understanding the trade-offs informs all security decisions

Advanced Applications:

  • OSINT techniques can include hardware fingerprinting
  • Web security depends on trusted execution environments
  • Cryptographic implementations are vulnerable to hardware attacks
  • AI/ML security is affected by hardware security features

Horizontal Integration (with other disciplines):

Computer Engineering:

  • Digital systems design with security considerations
  • VLSI design for secure processors
  • Embedded systems security requirements

Mathematics/Physics:

  • Cryptographic algorithm implementations
  • Physical side-channel analysis
  • Quantum computing implications

Economics/Policy:

  • Cost-benefit analysis of security features
  • Regulatory compliance requirements
  • Industry standards development

Professional Development:

Career Pathways:

  • Hardware Security Engineer: designing secure processors and systems
  • Security Researcher: discovering vulnerabilities and developing countermeasures
  • Penetration Tester: specializing in hardware attack vectors
  • Security Architect: designing secure systems with a comprehensive understanding of the hardware
  • Policy Analyst: informing regulation of hardware security requirements

Continuous Learning:

  • Professional conferences (IEEE S&P, USENIX Security, etc.)
  • Certification programs (hardware security specializations)
  • Industry working groups (TCG, GlobalPlatform, etc.)
  • Research collaboration opportunities

Societal Impact:

  • Contributing to more secure digital infrastructure
  • Protecting critical systems from sophisticated attacks
  • Advancing the state of the art in hardware security
  • Educating the next generation of security professionals