According to the World Economic Forum, cyberattacks are considered as one of the most important sources of risk to companies and institutions worldwide. Attacks can target the network, software, and/or hardware. Over the years, much knowledge has been developed to understand and mitigate cyberattacks. However, new threats have appeared in recent years regarding software attacks that exploit hardware vulnerabilities. This article defines these attacks as architectural attacks. Today, both industry and academia have only limited comprehension of architectural attacks, which represents a critical issue for the design of future systems. To this end, this work proposes a new taxonomy, a new attack model, and a complete survey of existing architectural attacks. As a result, it provides the tools to understand architectural attacks in more depth and to start building improved designs and protection mechanisms.

@en

In the recent years, cache based side-channel attacks have become a serious threat for computers. To face this issue, researches have been looking at verifying the security policies. However, these approaches are limited to manual security verification and they typically work for a small subset of the attacks. Hence, an effective verification environment to automatically verify the cache security for all side-channel attacks is still missing. To address this shortcoming, we propose a security verification methodology that formally verifies cache designs against cache side-channel vulnerabilities. Results show that this verification template is a straightforward, automated method in verifying cache invulnerability.

@en

Cache attacks are one of the most wide-spread and dangerous threats to embedded computing systems' security. A promising approach to detect such attacks at runtime is to monitor the System-on-Chip (SoC) behavior. However, designing a secure SoC capable of detecting such attacks is very challenging: the monitors should be lightweight in order to avoid excessive power/energy and area costs and the attack behavior should be clearly known upfront. In this work, we present LiD-CAT, a lightweight and flexible hardware detector that is aware of leakage patterns that can be used by attackers to perform cache based attacks. LiD-CAT is a cache wrapper that implements a set of leakage properties derived from cache attacks and cache models using templates. These templates identify suspicious behavior that may lead to cache attacks. LiD-CAT is evaluated using two different cache architectures, one with a secure cache and one without. On each of them, SPEC2000 benchmarks are run together with malicious applications that execute cache attacks (i.e., Evict+Time, Prime+Probe, Flush+Reload and Flush+Flush). Results show that our lightweight detector successfully detects 99.99% of the attacks with less than 1% false-positives, has no timing penalties, and increases the area of a SoC with only 1.6%.

@en

Integrated circuits typically contain design margins to compensate for aging. As aging impact increases with technology scaling, bigger margins are necessary to achieve the desired reliability. However, these increased margins lead to a reduced performance and lower yield. Alternatively, mitigation schemes can be deployed to reduce the aging. This paper proposes a software-based method to mitigate the aging of the memory's address decoder logic due to Bias Temperature Instability. The method is based on periodically applying a rejuvenation application on top of a user application. The goal of the rejuvenation application is to recover aged transistors of the critical paths of the address decoder. The experimental results show that the proposed method significantly reduces aging in cases when applications consist of memory access patterns that result in an unbalanced stress in the address decoder logic. In particular, it reduces the degradation of the address decoder's setup delay by up to 43% with an execution overhead of only 1%.@en