As counterproductive as it may sound, developing ways to attack hardware security allows Department of Computer Science Assistant Professor Matt Hicks to make it more secure.
“You have to identify weaknesses to know what to patch,” Hicks said.
Recently awarded a five-year Faculty Early Career Development (CAREER) award by the National Science Foundation (NSF), Hicks said his research will further enhance hardware security, especially in the United States, by identifying novel weaknesses and enabling him to learn more about the design space for security tools.
Hardware security is vulnerability protection that comes in the form of a physical device, rather than software that is installed on the hardware of a computer system. Some common examples include hardware firewalls and proxy servers.
Hicks said he also hopes to grow the footprint of his lab, which specializes in fuzz testing — an automated software testing technique that is known to find the most serious security fault or defect.
Hicks’s project brings together research in the areas of computer security, computer architecture, and digital circuits to create novel design-time hardware trojans. A hardware trojan is a form of malicious circuitry that damages the function and trustworthiness of an electronic system, which could disable, derange, or destroy the entire chip or components of it.
The NSF CAREER program offers the most prestigious awards in support of early-career faculty who have the potential to serve as academic role models in research and education and to lead advances in the mission of their department or organization, as stated by the foundation.
Real-world problems and real-world impact
Hicks’s current research spans the security of hardware, hardware for increased software security, embedded system security, and intermittent computation. He is especially interested in how hardware changes over time and how it fails with respect to security.
“I like being creative and building systems that can impact people’s lives,” Hicks said of the aspects he finds most interesting about his field. “I like the freedom to have a wider net.”
Before arriving at Virginia Tech, Hicks was a lecturer at the University of Michigan, where he also completed his two-year postdoctoral work in computer security. His interest in hardware security grew while he pursued his master’s and doctoral degrees at the University of Illinois Urbana-Champaign, where he researched both intentional and unintentional hardware flaws.
Other impacts he aims for include extending the technical work's impact to society, developing partnerships with government labs and industry, and providing mentorship to the next generation of leaders, especially those who are the first in their family to get a college degree.
The project will also play a role in undergraduate and graduate education through the integration of the research artifacts into the computer science curriculum and the creation of an embedded security design experience. Hicks will work with students at Virginia Tech as well as international students at other universities.
Hicks ultimately aims to develop more deployable tools for more trustworthy hardware.
Partnering with the Commonwealth Cyber Initiative
There were others who also saw promise in Hicks’ research, including the Commonwealth Cyber Initiative Southwest Virginia (CCI SWVA) Research Engagement program, which accelerates scholarly output, collaboration, and commercialization in cybersecurity research thrust areas.
The goal of the program is to accelerate collaboration in research, innovation, and workforce development by engaging faculty at CCI Southwest Virginia institutions in projects related to fast, secure, and customizable communications systems and technologies. It also examines issues surrounding human factors, privacy, ethics, and global security in modern society.
Hicks received $20,000 in CCI SWVA grant funding that directly seeded his NSF proposal. “Matthew Hicks’s proposal clearly articulated how the Commonwealth Cyber Initiative Southwest Virginia funds would be used to seed further research developing a new hardware security primitive and studying existing attacks in new ways, to identify gaps in critical system security,” said Gretchen Matthews, professor of mathematics at Virginia Tech and director of the CCI southwest node.
Hicks's research paper on hardware security primitive, co-authored with Michael Moukarzel, a computer science postdoctoral associate, was recently published by the 2021 Annual Computer Security Applications Conference, which will be held virtually in December.