ECE Professor Houman Homayoun and CS Professor Matt Bishop Receive the 2021 Dean’s Collaborative Research Award
This seed funding award supports a collaborative project, the UC Davis Institute for Hardware and AI-enabled Cyber Security (IHACS)
Originally posted by the UC Davis Department of Electrical and Computer Engineering.
Cyber security is a worldwide concern. Our systems, infrastructure, and indeed our society rely on it. Many places study the security of systems in general, of software, and of the policies and procedures supporting them. But the security and assurance of hardware is much less studied. As our infrastructure and systems rely on commercial off-the-shelf (COTS) equipment, the security and assurance of hardware is integral to our systems, infrastructure, and society.
Hardware security arises in a number of places. First comes the supply chain: how do we determine that the hardware we use does what it is supposed to, and nothing more (the latter often being forgotten, yet it is an important part of both assurance and security)? This leads to how we detect malicious hardware. Note the definition of “malicious" is tied to the security policy under which the hardware will be used; what is malicious in one place may be required in another.
It also suggests that we need a method for analyzing hardware to determine its specifications, which we can then compare to the security policy. Furthermore, Recently, it has been demonstrated that using AI, supervised Machine Learning (ML) classifiers in particular, on collected Hardware Performance Counters traces of both malware and benign programs, the running applications can be classified with high-level of accuracy. AI-enabled hardware detectors offer fast online detection, efficiency in resource utilization, and invulnerability from getting infected by attackers which make them suitable for mitigating newly emerging threats.
The complexity of these problems is complicated by the myriad of environments in which they appear. The environment constrains solutions, because the solutions must be effective and practical in that environment.
As emerging attacks become more advanced and complex and with recent advances in the eld of AI and ML, there is a need for novel and effective AI-enabled approaches that could detect and mitigate such attacks before they become large scale problems. The role of the UC Davis Institute for Hardware and AI-enabled Cyber Security (IHACS) is to develop such solutions. Currently, there is only one large academic hardware cyber security group, that of the University of Florida in Gainesville, FL. UC Davis is ideally positioned to assume the same role for the West Coast. The IHACS will fulfill this role. IHACS allows faculties from multiple departments in the COE to collaborate as well as initiate and outreach for brainstorming and collaboration with other colleges across the campus to build large interdisciplinary and multidisciplinary team of researchers. This allows the team to target major funding opportunities such as for NSF ERC, DoD MURI and DURIP as well as NSA/DARPA sponsored centers.
Given the proximity of UC Davis to Silicon Valley and the San Francisco Bay Area, the presence of the CHEST center, and the Seclab, as well as several government military base and research labs in the Davis area such as Travis Air Force Base and Defense Microelectronics Activity (DMEA), an institute encompassing hardware and cyber security will have tremendous opportunities to attract major funding from tech giants and government funding agencies. UC Davis has decades of collaboration and working on projects with companies in the S.F. Bay Area such as Google, Intel, and Facebook. Such an industry bond can be leveraged as part of coordinated effort under the new institute to address grand challenges the industry is facing.
Moreover, considering the importance of hardware and cyber security, the demand for security researchers and professionals is at an all-time high, yet the current education curriculum to fulfill these demands is limited. Specifically, there is no standardization for the learning outcome of such educational offerings across universities or even departments within the same university. This creates significant opportunity for training and education in this emerging field. The proposed institute can offer Hardware and Cyber Security graduate certificate that provides comprehensive training and education on all aspects of hardware and system. This program can help students develop a solid foundation of security. Advanced courses focus on state-of-the-art attacks and defense mechanisms for different types of hardware and different application areas can be also offered as part of this program.