Baking Hack Resistance Directly into Hardware


Reading time ( words)

Military and civilian technological systems, from fighter aircraft to networked household appliances, are becoming ever more dependent upon software systems inherently vulnerable to electronic intruders. To meet its mission of preventing technological surprise and increasing national security, DARPA has advanced a number of technologies to make software more secure. But what if hardware could be recruited to do a bigger share of that work? That’s the question DARPA’s new System Security Integrated Through Hardware and Firmware (SSITH) program aims to answer.

“Security for electronic systems has been left up to software until now, but the overall confidence in this approach is summed up in the sardonic description of this standard practice as ‘patch and pray,’” said SSITH program manager Linton Salmon of the Agency’s Microsystems Technology Office. “This race against ever more clever cyberintruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software. The SSITH program will complement DARPA software security efforts like High-Assurance Cyber Military Systems (HACMS) and the Cyber Grand Challenge (CGC) by taking advantage of new technologies to develop integrated circuits that are inherently impervious to software end-runs.”

Any software patch to a hardware-based security flaw—whether it is in a personal computer or a corporate or government information-technology system—merely salves a symptom without addressing the underlying hardware vulnerability. Left untouched, that same hardware weakness remains vulnerable to follow-on software-based breaches that members of the clever club might devise. “To break this cycle and thwart both today’s and tomorrow’s software attacks, the SSITH program challenges researchers to design security directly at the hardware architecture level,” said Salmon. “Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks.”

SSITH specifically seeks to address the seven classes of hardware vulnerabilities listed in the Common Weakness Enumeration (cwe.mitre.org), a crowd-sourced compendium of security issues that is familiar to the information technology security community. In cyberjargon, these classes are: permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection. Researchers have documented some 2800 software breaches that have taken advantage of one or more of these hardware vulnerabilities, all seven of which are variously present to in the integrated microcircuitry of electronic systems around the world. Remove those hardware weaknesses, Salmon said, and you would effectively close down more than 40% of the software doors intruders now have available to them.

The strategic challenge for participants in the SSITH program will be to develop new integrated circuit (IC) architectures that lack the current software-accessible points of illicit entry, yet retain the computational functions and high-performance the ICs were designed to deliver. Another goal of the program is the development of design tools that would become widely available so that hardware-anchored security would eventually become a standard feature of ICs in both Defense Department and commercial electronic systems. The anticipated 39-month program centers on two technical areas. One of them focuses on the development and demonstration of hardware architectures that protect against one or more of the seven vulnerability classes as well as design tools the electronics community would need for including hardware-based security innovations in their design and manufacturing practices. The second technical area encompasses methodologies and metrics for measuring (and representing for system designers) the security status of the newly designed electronic systems and any tradeoffs the hardware-won security might levy in the form of system performance, power needs and efficiency, circuit area, and other standard circuit features.

Share


Suggested Items

DARPA’s Drive to Keep the Microelectronics Revolution at Full Speed Builds Its Own Momentum

08/28/2017 | DARPA
To perpetuate the pace of innovation and progress in microelectronics technology over the past half-century, it will take an enormous village rife with innovators. This week, about 100 of those innovators throughout the broader technology ecosystem, including participants from the military, commercial, and academic sectors, gathered at DARPA headquarters at the kickoff meeting for the Agency’s new CHIPS program, known in long form as the Common Heterogeneous Integration and Intellectual Property (IP) Reuse Strategies program.

Enabling Extreme New Designs for Optics and Imagers

08/22/2016 | DARPA
DARPA seeks engineered optical materials unconstrained by “laws” of classical optics to develop vastly smaller, lighter, and more capable devices for advanced imaging applications.

CDTEI Summer School 2016: Social Entrepreneurship Challenge in Partnership with RNIB

07/19/2016 | Connie Stovell, EPSRC Centre
Each year, we bring all of our CDT students together to participate in our annual summer school, which provides an opportunity for all the student cohorts to meet, work together and learn new skills.



Copyright © 2017 I-Connect007. All rights reserved.