Thesis Topics
To find out more about any of the following thesis topics please contact Jan Reineke.Note, that this list is not always up-to-date. In general, thesis topic evolve and are crystallized in the Bachelor/Master seminar together with the respective candidate.
Microarchitectural security
Microarchitectural attacks compromise security by exploiting software-visible artifacts of microarchitectural optimizations like caches and speculative execution. To use modern hardware securely, programmers must be aware of how these optimizations impact the security of their code.
In this context, there are possible lines of work:
- Development of program analysis techniques to analyze the vulnerability of software to microarchitectural attacks. Examples: [1,2,3]. We are currently lacking techniques that are sound, efficient, and precise. Marrying efficient syntax-based techniques (such as based on CodeQL) with sound semantics-based techniques (such as symbolic execution) would be one such avenue. Another direction is the development of precise analyses based on abstract interpretation.
- Development/Verification of open-source microarchitectures with rigorous guarantees about their microarchitectural leakage. Examples: [4,5,6]. Currently, there is a lack of modular analysis and design techniques. There are also interesting subproblems, such as the design of a "secure" caches or a "secure" memory hierarchy.
- Fuzzing/systematic testing of modern microarchitectures w.r.t. microarchitectural vulnerabilities. Examples: [7,8].
- CacheAudit: A Tool for the Static Analysis of Cache Side Channels
- Spectector: Principled Detection of Speculative Information Flows
- oo7: Low-Overhead Defense Against Spectre Attacks via Program Analysis (example of a more syntax-based approach)
- Specification and Verification of Side-channel Security for Open-source Processors via Leakage Contracts
- Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing
- ProSpeCT: Provably Secure Speculation for the Constant-Time Policy
- Revizor: Testing black-box CPUs against speculation contracts
- Hide and Seek with Spectres: Efficient discovery of speculative information leaks with random testing
Timing predictability
Real-time systems have to meet deadlines imposed by the physical environment. E.g. an airbag controller needs to detect a crash and decide to fire the appropriate airbags within a few milliseconds. For safety-critical real-time systems, we need to prove that all deadlines are guaranteed to be met. To this end, worst-case execution time (WCET) analysis [10] determines upper bounds on programs' execution times. In modern systems, the execution time of software heavily depends on the state of the underlying hardware. This means that caches, pipelining, speculative execution all need to be taken account in WCET analysis.
Lines of work:
- Program analysis techniques to accurately and efficiently account for particular hardware features, such as caches or speculation. Examples: [1,2]
- Principles for the design of timing-predictable microarchitectures. We would like to build microarchitectures that exhibit high performance while admitting accurate and efficient WCET analysis. Examples: [3,4,5,6] Similarly to the situation in microarchitectural security, we currently lack modular design techniques and tool support.
- Fast and Exact Analysis for LRU Caches
- Precise and efficient FIFO-replacement analysis based on static phase detection
- Timing predictability of cache replacement policies
- Design and Analysis of SIC: A Provably Timing-Predictable Pipelined Processor Core
- Vicuna: a timing-predictable RISC-V vector coprocessor for scalable parallel computation
- Speculative execution and timing predictability in an open source RISC-V core
Performance analysis and understanding
Modern microarchitectures are some of the world's most complex man-made systems. As a consequence, it is increasingly difficult to predict, explain, let alone optimize the performance of software running on such microarchitectures.
Lines of work:
- As a basis for performance prediction, explanation, and optimization we require faithful microarchitectural models. One approach to obtain such models is via careful measurements on the actual hardware: Examples: [1,2]. There are more and more open-source processors. Can accurate performance models be derived directly from their source?
- Use and extend existing microarchitectural models for explaining (and potentially optimizing) the performance of code. Examples of existing work: [3,4,5]. Current basic-block performance models operate under very limiting assumptions: No branching, no cache misses, no mispredictions, etc. Can these assumptions be lifted? Can we combine static predictions with information obtained from measurements?
- uops.info: Characterizing latency, throughput, and port usage of instructions on intel microarchitectures
- nanoBench: A low-overhead tool for running microbenchmarks on x86 systems
- uiCA: Accurate throughput prediction of basic blocks on recent Intel microarchitectures
- Automated instruction stream throughput prediction for intel and amd microarchitectures
- GRANITE: A Graph Neural Network Model for Basic Block Throughput Estimation