Emerging system integration and packaging technology, commonly referred to as chiplet technology, has provided a new potentially transformative opportunity to build ultra-large-scale high-performance computers with many cores. Chiplet technology brings modularity and heterogeneity, in which the underlying functional blocks are designed by different vendors and fabricated as separate chips, called chiplets. Compared to existing technologies, chiplet technology significantly reduces time-to-market, while enabling new high-performance computing paradigms, such as wafer-scale computing by providing a large number of cores and terabytes of memory capacity at 100s terabytes per second throughput.

Unleashing the potential computing power of a large-scale chiplet system, however, requires rethinking the system architecture commonly used in current SoC systems. Due to the ultra-large substrate area size and much higher density, vital circuit-level functions, such as clock and power delivery as well as chip-to-chip communication, have to be redesigned. Furthermore, scalable solutions for system-level features such as security monitoring need to be developed. In this project, we explore innovative methods for building a secure-by-design chiplet systems.

This project is in collaboration with the CHIPS center and Intel Labs.

Real-time embedded and IoT systems are evolving from basic devices for a single user to complex platforms for multiple users where computing, sensing, and actuation are shared among potentially untrusted remote users. This shift brings new opportunities like collaborative sensing and cooperative perception but also creates fresh security concerns including ensuring secure and private remote access to I/O in the presence of an untrusted operating system. To address these security concerns new security architectures have been proposed. These architectures aim to extend the capabilities of a trusted execution environment (TEE) to support secure I/O access. However, they often lack fine-grained exclusivity and support for dynamic changes in access policies.

This project develops a new security architecture to achieve trustworthy sensing and actuation in a shared tenancy (multi-user) real-time embedded system. Specifically, we develop new methods for remote attestation and trusted sensing and/or actuation.

Computers, ranging from tiny embedded systems to powerful servers, are becoming increasingly pervasive and critical in our lives. While these systems perform their primary task: computing, they also leave behind unwanted footprints that can leak potentially sensitive information through unconventional physical or digital channels, called side-channels. As we become increasingly dependent upon computing systems, it is more critical than ever to know how side-channel signals can be created, how side-channel leakage can be modeled, and how future hardware and/or software systems should be designed to be robust against side-channel attacks?

This project explores new methods for quantifying and modeling side-channels, both physical and microarchitectural, for a wide range of computing systems. The ultimate goal of this project is to develop a set of open-source tools that can accurately model side-channels during the early stages of the design process. Such a model has various usecases. Further, this project explores new side-channel vulnerabilities in modern systems and proposes new defense mechanisms.

This project is funded by IARPA, NSF, and a gift received by UCLA Alumni, Anthony Lai.

Internet-of-things (IoT) and cyber-physical systems (CPS) are becoming increasingly applicable in industrial and residential environments, opening up new opportunities for smart homes, sensor networks, smart manufacturing, and many other applications. While becoming progressively more capable, this class of computing devices is typically resource-constrained with limited energy and data storage and small processing power. It is thus imperative that critical applications commonly used in IoTs, such as communication, debugging, authentication, etc., be carefully designed to have minimal energy, performance, and area overhead while embracing the diversity of software and hardware present within these systems.

In this project, we explore new approaches for enabling low-power low-overhead communication, authentication/fingerprinting, and debugging in CPSs and IoT systems. The common insight in all the proposed solutions is, instead of imposing additional overhead for achieving a particular functionality (e.g., communication or debugging), we leverage existing and unintentional physical signals created by the system (called side-channels) to enable the desired functionalities. As a result, our proposed solutions enjoy lower overhead in terms of energy, performance, and area storage, since it eliminates the need for additional infrastructure on the IoT/CPS for the required functionality while being applicable to a wide range of systems.

This project is funded by NSF and Department of Energy (DOE).

We are entering a new era in computing where devices at the edge of the Internet are not merely computers but are machines capable of sensing, learning, acting, and interacting with the physical world around them. While this sharing and interaction can bring lots of new and exciting applications, it also comes with several new security and privacy issues.

We study new hardware and system-oriented methods for ensuring trustworthiness in a collaborative IoT ecosystem where tasks and data are shared among a cluster of heterogeneous computing devices. Specifically, we explore new methods for trusted and verifiable sensing and computation across many connected devices.

This project is sponsored by NSF.

Our project is aimed at studying low-overhead techniques to enable trustworthy and privacy-preserving machine learning. These methods are primarily non-cryptographic. The goal is to build edge/IoT and/or end-to-end (i.e., IoT+cloud) systems that can compute machine learning tasks while preserving privacy and/or being robust against adversarial attacks but without incurring huge overheads. Examples are designing new methods for low-latency object detection.

Another aspect of this project focuses on how to leverage generative machine learning, and particularly, diffusion models for increasing the robustness of a model against adversarial attacks.

This project is sponsored by Cisco Research and Accenture Research.