Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy

Page 1: Hardware Support for Trustworthy Systems

Hardware Support for Trustworthy Systems

Ted Huffmire, ACACES 2012, Fiuggi, Italy

Page 2

Disclaimer

• The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.

Page 3

About Me

• Assistant Professor of CS at NPS
• Research
  – Computer Architecture, Computer Security
  – Fast and Secure
  – Hardware-Oriented Security

Page 4

Course Overview

• Lecture 1: Overview: Hardware-Oriented Security and Security Engineering
• Lecture 2: Reconfigurable Security Primitives
• Lecture 3: Apply Primitives to Memory Protection, Design Example
• Lecture 4: Forward-Looking Problems

Page 5

Lecture 1 Overview

• Hardware-Oriented Security
• Security Engineering

Page 6

Hardware-Oriented Security

• Hardware-Oriented Security
• Security Engineering

Page 7

What is Hardware Security?

• Many of the issues of hardware security are similar to traditional computer security

• Anything can be hacked, but the attacker has finite resources.

• Each security technique has tradeoffs.

Page 8

What is Hardware Security?

• Foundry Trust
• Intellectual Property
• Operational Attacks
• Developmental Attacks
• System Assurance

Page 9

What is Hardware Security?

• Interfaces
• Composition
• Metrics
• Education

Page 10

Problems

• Global Supply Chain of Integrated Circuits
• System Assurance

Page 11

Confronting Security at the Hardware Level

• Opportunities of the hardware level
• Challenges of the hardware level

Page 12

A Brief Word About ‘Cyber’

• Beware of propaganda
• Think critically

Page 13

Security Engineering

• Hardware-Oriented Security
• Security Engineering

Page 14

Security Engineering

• Defending against skilled attackers is hard
• Holistic view of entire system
• Use the scientific method
• Every security technique has tradeoffs

Page 15

Security Engineering

• Assume the enemy will be in your networks
• Increase the risk and cost for the adversary

Page 16

Security Engineering

• Do not rely on security through obscurity
• Principle of least privilege
• Minimize system complexity

Page 17

Security Engineering

• Reference monitor concept
• Separation (of duties and system components)

Page 18

Security Engineering

• Penetrate & patch vs. inherently trustworthy
• Platform diversity
• Checklists and hardening guides

Page 19

Security Engineering

• Study past success
• Secure defaults
• Backups, recovery, and rollback

Page 20

Security Engineering

• Important Considerations
• Approaches to Security Engineering

Page 21

Rigorous Design Practices

• Configuration management of tools/IP
• Eliminate support for insecure legacy technology
• Default configuration disables unnecessary services

Page 22

Rigorous Design Practices

• Only develop the features needed
• Debugging messages not in production code
• Error messages that don’t reveal information
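The three practices on this slide (and "secure defaults" and "default configuration disables unnecessary services" from the neighbouring slides) can be shown in a few lines of code. The following is an added example, not code from the course or its speaker; the service, its configuration object, the sample profile store and the failing request are all constructed for the illustration. It places the leaky error handler beside the hardened one so the difference in what reaches the caller is visible.

```python
"""Added illustration (not from the slides): error reporting that follows the
'error messages that don't reveal information' and 'debugging messages not in
production code' practices. Everything here is constructed for the example."""
import logging
import secrets
import traceback
from dataclasses import dataclass
from typing import Optional

log = logging.getLogger("example.service")


@dataclass
class Config:
    # Secure default: diagnostics are off unless a deployment explicitly opts in.
    debug: bool = False


@dataclass
class Response:
    status: int
    body: dict


def load_profile(user_id: str) -> dict:
    """A deliberately fragile internal operation (constructed). Its exception
    text carries an internal path, the kind of detail a handler must not echo
    back to the caller."""
    store = {"alice": {"name": "Alice"}}
    if user_id not in store:
        raise KeyError(f"/var/lib/example/profiles/{user_id}.json not found")
    return store[user_id]


def handle_request_leaky(user_id: str) -> Response:
    """The 'before': exception text and a stack trace go straight to the client."""
    try:
        return Response(200, load_profile(user_id))
    except Exception as exc:
        return Response(500, {"error": str(exc), "trace": traceback.format_exc()})


def handle_request(user_id: str, cfg: Optional[Config] = None) -> Response:
    """The 'after': the client receives a generic message plus an opaque
    correlation id; the details are logged server-side where operators can look
    them up by that id. Verbose output exists only when cfg.debug is on."""
    cfg = cfg or Config()
    try:
        return Response(200, load_profile(user_id))
    except Exception as exc:
        incident = secrets.token_hex(8)  # random id; says nothing about the fault
        log.error("incident %s: %s", incident, exc, exc_info=cfg.debug)
        body = {"error": "request failed", "incident": incident}
        if cfg.debug:
            # Only reachable when a developer turned debug on; never the default.
            body["detail"] = str(exc)
        return Response(500, body)


def leaks_internal_detail(resp: Response) -> bool:
    """Review helper: does a response expose a filesystem path or a traceback?"""
    text = repr(resp.body)
    return "/var/lib" in text or "Traceback" in text


if __name__ == "__main__":
    print(handle_request_leaky("mallory").body)   # shows the path and trace
    print(handle_request("mallory").body)         # generic message + incident id
```

The correlation id is the piece that makes the generic message operationally bearable: support staff can match the client's report to the server-side log entry without the client ever seeing the internal state. Note that the debug branch is an opt-in flag on a config object, so a production build that never constructs `Config(debug=True)` cannot emit the detailed variant.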

Page 23

Rigorous Design Practices

• Secure coding practices
• Use of formal security analysis and evaluation
• Covert channel analysis
• Side channel analysis

Page 24

Rigorous Design Practices

• Protocol analysis
• Robust protocols and authentication schemes
• Is the implementation faithful to the spec?
• Manage complexity. Reference monitor concept.

Page 25

Self-protection

• Do not expose critical security functions to attack from other circuitry.

• Examples

Page 26

Layered Dependencies

• Security-critical circuitry must not depend on circuitry of lesser trustworthiness

• In trusted software stack, applications depend on OS libraries, which depend on secure kernel

Page 27

Lecture 1 Reading

• Secure Design
  – Reflections on Trusting Trust
    • http://dl.acm.org/citation.cfm?id=358210
  – The Protection of Information in Computer Systems
    • http://www.acsac.org/secshelf/papers/protection_information.pdf
  – Design Principles for Security (NPS Technical Report)
    • http://www.cisr.us/downloads/techpubs/nps_cs_05_010.pdf

Page 28

Lecture 1 Reading

• Secure Design
  – Design and verification of secure systems
    • http://dl.acm.org/citation.cfm?id=806586
  – Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels
    • http://dl.acm.org/citation.cfm?id=357374
  – On the Buzzword ‘Security Policy’
    • http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=130789

Page 29

Lecture 1 Reading

• Hardware-Oriented Security and Trust
  – Trustworthy Hardware: Identifying and Classifying Hardware Trojans
    • http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5604161
  – Security Engineering
    • http://www.cl.cam.ac.uk/~rja14/book.html
  – Micro-Architectural Cryptanalysis
    • http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4288047
  – Physical Unclonable Functions for Device Authentication and Secret Key Generation
    • http://dl.acm.org/citation.cfm?id=1278484

Page 30

Lecture 1 Reading

• Physical Attacks
  – Temperature Attacks
    • http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4812164
  – Information Leakage from Optical Emanations
    • http://dl.acm.org/citation.cfm?id=545189
  – Differential Power Analysis
    • http://www.springerlink.com/content/kx35ub53vtrkh2nx/
  – Keyboard Acoustic Emanations
    • http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1301311

Page 31

Lecture 1 Reading

• trust-HUB.org
  – http://trust-hub.org/
• Introduction to Hardware Security and Trust
  – http://springer.com/978-1-4419-8079-3
• Towards Hardware-Intrinsic Security
  – http://springer.com/978-3-642-14451-6