Defining and enforcing hardware security requirements
Bilzor, Michael B.
Security in computing systems to date has focused mostly on software. In this research, we explore the application and enforceability of well-defined security requirements in hardware designs. The principal threats to hardware systems demonstrated in the academic literature to date involve some type of subversion, often called a Hardware Trojan or malicious inclusion. Detecting these has proved very difficult. We demonstrate a method whereby the dynamic enforcement of a processor's security requirements can be used to detect the presence of some of these malicious inclusions. Although there are theoretical limits on which security properties can be dynamically enforced using the techniques we describe, our research does provide a novel method for expressing and enforcing security requirements at runtime in hardware designs. While the method does not guarantee the detection of all possible malicious inclusions in a given processor, it addresses a large class of inclusions (those detectable as violations of behavioral restrictions in the architectural specification), which provides significant progress against the general case, given a suitably complete set of checkers.