Mengjia Yan

Computer Architecture & Security with Professor Mengjia Yan

WRITTEN BY: Audrey Woods

In 2018, two CPU vulnerabilities were reported that changed the industry’s understanding of computer security. Spectre and Meltdown, both transient execution attacks, violated the world’s imagined boundary between hardware and software, exploiting a weakness of computer microarchitecture to hack into a target system. While those particular vulnerabilities have since been addressed, the arms race to identify potential hacking avenues and design defense mechanisms before malicious actors can take advantage is a thriving area of research, one which MIT Assistant Professor Mengjia Yan is excited to be leading. 

Professor Yan says she originally became interested in computer architecture because she was “obsessed with how people can build complex computers from transistors and logical gates and compose them to deliver all the functionalities we want.” She describes how coming up with “brilliant ideas to make trade-offs between performance, energy efficiency, and hardware cost” was fascinating to her. But her specific interest in security began during her PhD at the University of Illinois at Urbana-Champaign when her advisor asked her to explore a security-related project. She says, “I found myself really enjoying the attack and defense process,” which led to a graduate dissertation on side channel attacks, a topic she continues to study to this day. 

Speaking with CSAIL Alliances, Professor Yan explains that a side-channel attack is a way of gaining information through an unintended communication leak. She compares this to two roommates using the same internet router, where “by just looking at how much bandwidth you have and how slow or fast your network speed is, you can figure out what your roommate is doing.” For instance, if one roommate is streaming video or running a bandwidth-intensive process, the other roommate will know because their own internet will be slower. This is a simplification, but by using such non-intrusive means to see what a system is doing, a hacker can gain valuable information without requiring access to privileged parts of the system or alerting the victim they’ve been compromised. 

When teaching classes such as her hardware security course, Professor Yan tells students to think about the process of finding these vulnerabilities like playing a jigsaw puzzle. She says, “the very first step is to reverse engineer microarchitecture details, since commercial processors are like black boxes.” This means that those in her research group “need to have some intuition about how the processor is designed, propose some assumptions, design experiments to verify this assumption, observe the result, and repeat.”  

In 2022, this method led Professor Yan’s group to discover a key vulnerability in Apple’s M1 chip. The M1 chip uses pointer authentication, a feature supported by ARM ISA, to defend against software attacks, where a pointer authentication code (PAC) provides the last line of defense against would-be attackers. If a hack attempts to modify protected memory or gain control of the system, the PAC will be disrupted and the system will crash. However, Professor Yan and her fellow researchers published what they call a PACMAN attack, which can guess a value for the PAC with the help of hardware side channels, allowing them to hack into Apple systems without leaving a trace. Professor Yan explains that PACMAN “can brute force trying all these guessed values under speculation until [it] finds the correct one, and then you feed the correct one into the program to bypass a security check.” 

When asked about the industry’s reaction to her work, Professor Yan says that she “really likes ARM’s response. ARM wrote a very in depth, detailed, thorough response about how PACMAN works and how they can react to these attacks,” which included “some very clever software and hardware co-design mitigations.” She went on to explain that although most modern systems can be exploited unless they are “very old and very low performance,” it’s also “not the end of the world if you have a hardware vulnerability nowadays [because] you have software patches and microcode patches and you can reposition some variations of other implementation for better defenses.” 

Pivoting to another major area of computer science, Professor Yan addressed the idea of using Machine Learning (ML) in computer security. “It’s a sad fact,” she explains, that “there are more uses for machine learning to assist attacks than stop attacks.” Because algorithms are so good at finding correlations in data—such as computer signals—ML will likely be better at generating attack code and discovering new side-channel methods than preventing them. “The work on the defense side is very limited,” she elaborates, “because when you find one attack and bypass the system, you can declare success, while for defense it's very difficult to deal with false positives and false negatives. My sense is that we need more work in this direction.” 

Professor Yan offers several tips for individuals wanting to protect themselves against malicious cyber activity. Her first piece of advice is to “upgrade your system as early as possible, because companies frequently release patches for both software vulnerabilities and hardware vulnerabilities.” On the manufacturing side, she advises corporations to consider being more conservative when it comes to system optimization. “These optimizations may introduce new vulnerabilities which have not been discovered,” she says, explaining how attempts to remove features with a large performance overhead can lead to unintended security weaknesses that then need to be patched. “You get some performance benefit, but maybe it leaves a narrow gap for security breaches,” she says, which results in “shifting back and forth between software fixes and hardware fixes towards the same attack.” To address this, Professor Yan hopes to see better coordination between the software and hardware communities in the future. 

Generally, Professor Yan makes it clear that while this area is a “great research topic for us because we really enjoy digging deep into processors to find all these vulnerabilities,” the attacks she studies “are also very difficult to be carried out by an attacker in the real world.” As a scientist, she aims to create a system with “perfect security properties,” which means that her work focuses on discovering the trickiest avenues of attack or deepest weaknesses that could potentially be exploited. But she acknowledges, “for practical deployment, I would say businesspeople should really focus on the very basic Spectre and Meltdown vulnerabilities,” sticking to generic computer safety protocols for maximum effect. 

Professor Yan concluded by saying, “both software and hardware become more and more complex as the days go by,” which means “the interface between hardware and software will be a long-lasting problem for a very long time.” In short, her work is far from over. 

To learn more about Professor Mengjia Yan’s research, visit her website for further information.