Reflections on Spring Semester 2023 🌞
During the spring semester of 2023, I not only focused on various courses but also prepared for scholarships and applied for the GSoC program. Additionally, I continued my internship at the Compsec. In this post, I’d like to summarize what I have learned through these experiences during the semester.
System Security
In the “System Security” course, I learned about various general topics related to system security. Specifically, the topics covered in the lectures included:
- Memory vulnerabilities: attacks such as Return-Oriented Programming (ROP), heap overflow, and their corresponding defenses like Address Space Layout Randomization (ASLR), Control Flow Integrity (CFI), and Data Flow Integrity (DFI).
- Symbolic Execution: Techniques like KLEE and Angr for performing symbolic execution and analyzing code paths.
- Fuzzing: Tools like AFL (American Fuzzy Lop), Syzkaller, and their application in discovering software vulnerabilities through automated input generation.
- Isolation in Linux: Concepts like Seccomp, chroot, setuid, and their role in creating secure environments.
- Rowhammer Attack: Understanding the vulnerability that exploits the physical memory cell disturbance to gain unauthorized access.
- Transient Execution Attacks: Exploration of high-profile attacks such as Meltdown and Spectre that exploit vulnerabilities in speculative execution.
- Cold-boot Attack: Examining the attack vector that targets the remanent information in a system’s memory after a cold reboot.
- Confidential Computing: Understanding the concept of protecting sensitive data during computation even from privileged software and hardware.
Following each lecture, the professor assigned related research papers for us to read, and we took turns presenting one paper each. This allowed me to read and comprehend approximately 30 system security-related papers over the course of the semester. You can check papers I have read including the papers I read for this class in this link.
Additionally, I had the opportunity to present a paper called Ryoan. This experience was valuable as it gave me the chance to present a paper in front of an audience and engage in a Q&A session in English. While I was able to successfully deliver the presentation and handle the Q&A, I realized the importance of further honing my skills in logically presenting my thoughts.
Computer Architecture
In the “Computer Architecture” course, I explored not only the fundamental concepts but also various advanced topics related to computer architecture. Some specific topics covered in the course include:
- ISA of RISC-V: Understanding the Instruction Set Architecture of the RISC-V processor.
- Single-Cycle-CPU and Multi-Cycle-CPU: Studying the design and operation of processors with single-cycle and multi-cycle architectures.
- Pipelined-CPU: Analyzing the concept of pipelining, including data and control hazards, as well as branch prediction techniques.
- Exception and Interrupts: Exploring mechanisms for handling exceptions and interrupts in computer systems, including precise exception/interrupt handling.
- Memory Hierarchy: Examining the organization and management of memory hierarchies, including advanced topics such as inclusiveness, MSHR (Miss Status Holding Register), prefetching, and more.
- Hardware Multithreading: Investigating concepts such as Chip-level Multiprocessors (CMP) and Simultaneous Multithreading (SMT) to achieve parallelism in hardware.
- Virtual Memory: Understanding the principles and techniques used to implement virtual memory systems.
- I/O: Exploring Input/Output mechanisms in computer systems, including Direct Memory Access (DMA) and I/O Memory Management Units (IOMMU).
- Parallel Processing & Cache Coherence: Studying the parallel processing of tasks and cache coherence protocols like MESI (Modified, Exclusive, Shared, Invalid) and directory-based cache coherence mechanisms.
- GPU Architecture: Introducing the architecture and principles behind Graphics Processing Units (GPUs) used for parallel computing and graphics rendering.
Throughout the semester, I also completed four lab assignments, which involved implementing various computer architecture concepts using Verilog. I successfully implemented a single-cycle CPU, a 5-stage pipelined CPU, and a pipelined CPU with g-share branch predictor and perceptron branch predictor. Additionally, for the final assignment, I developed a timing simulator for an memory hierarchy composed of inclusive, write-back caches using C++.
Undoubtedly, this course was the most challenging one I took this semester. However, the rewards were equally significant, as I gained a wealth of knowledge and practical experience through these lab assignments.
And other courses…
In the “Introduction to Electronic Circuits and Laboratory” course, I learned about the operating principles of diodes, BJT transistors, and MOSFET transistors, as well as how to analyze various circuits utilizing these components.
In the “Signals and Systems” course, I studied concepts such as LTI (Linear Time-Invariant) systems, Fourier transforms, Laplace transforms, z-transforms, and sampling theory.
Lastly, I also took a course called “Seminar on AI Core Technology and Applications,” where each week, we had guest speakers from various industries sharing their insights on how AI technology is being applied in real-world scenarios. It was an enjoyable experience to examine the latest AI technologies from the perspective of a security researcher and analyze their implications.
A few failures, and lessons learned
During the early part of the semester, I dedicated several weeks to preparing my application for the Presidential Science Scholarship. This process allowed me to reflect on my university journey so far, contemplate what I aspire to achieve as a researcher, and set clear goals for myself. Despite putting in considerable effort, I was not selected for the scholarship. Upon analyzing the reasons for this failure, I identified the following factors:
- During my first and second years, I lacked a clear area of interest and focused solely on my coursework. It was only in my third year that I was interested in system security and interned at CompSec lab. Since the duration of the internship was relatively short, I couldn’t have a research experience to include in my application.
- Although I was unfamiliar with writing applications, I didn’t show my application to anyone for advice. If I encounter a similar document in the future, I will seek guidance from those around me to improve its content.
Additionally, I applied for the Google Summer of Code (GSoC) program. I was particularly interested in addressing the Media Privacy issue in Chromium, so I submitted an application for that issue. To prepare for this, I gained an understanding of how Chromium’s media-related modules were structured and how they interacted with the incognito mode through code analysis. I discovered that Firefox had already resolved a similar issue in its media module and secret mode code, so I included this efficient solution in my application.
Throughout the application process, I learned various lessons and acquired new knowledge. I gained insights into the structure and dynamics of open-source developer communities and gained a detailed understanding of Chromium’s development and testing processes. Moreover, I deepened my understanding of Chromium’s overall architecture, which was helpful when reading certain papers later on.
Ultimately, although I did not succeed in securing the GSoC opportunity, I found the application process itself to be a valuable learning experience. Reflecting on the reasons for my rejection, I realized that once the semester began, I became too engrossed in my coursework, leaving me with insufficient time to actively engage with the open-source community. If I had shown a more proactive approach, such as building Chromium, trying to fix bugs, and actively participating beyond mere information gathering, the outcome might have been more favorable.
Internship in CompSec
I also interned at CompSec throughout this semester. Although I was busy with my coursework and couldn’t engage in many activities as an intern, I could observe the graduate students’ research process firsthand, from selecting research topics to submitting papers and going through the rebuttal process.
Spending time with graduate students at CompSec allowed me to engage in discussions on various research areas and broaden my perspective on system security. In particular, I have developed a keen interest in solving security issues related to LLM from a system security standpoint. (ex. defensing from indirect prompt injection attacks) As a result, one of my goals for this summer vacation is to read papers related to LLM and expand my knowledge in this field.
One thing I regret is not being able to actively participate in any activities within the lab, as mentioned earlier. Despite being busy with my university coursework, I poured too much time into classes that were relatively unrelated to my career path, neglecting to study topics that were more relevant to my future. If I continue interning next semester, I plan to be more mindful and strike a balance between focusing on my coursework and maintaining a strong interest in system security research. Specifically, I want to dedicate regular time to reading and summarizing research papers throughout the semester.
Conclusion
This semester, I particularly focused on two courses: System Security and Computer Architecture. Through these courses, I was able to build the necessary background knowledge to pursue research in system security and take a further step in my growth as a researcher. Thanks to my dedicated studies this semester, I was able to achieve satisfying grades. 😊
Additionally, I’m pleased that I took on the challenge of applying for the Presidential Science Scholarship and GSoC. Although I experienced a few failures, I don’t feel a significant sense of regret because I was able to learn various lessons from them. I want to continue challenging myself in the same way and strive for personal growth in the upcoming semester. 🏃
Leave a comment