Hardware Support for Trustworthy Systems
Ted Huffmire
ACACES 2012
Fiuggi, Italy
Disclaimer
• The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.
About Me
• Assistant Professor of CS at NPS
• Research
  – Computer Architecture, Computer Security
  – Fast and Secure
  – Hardware-Oriented Security
Course Overview
• Lecture 1: Overview: Hardware-Oriented Security and Security Engineering
• Lecture 2: Reconfigurable Security Primitives
• Lecture 3: Apply Primitives to Memory Protection, Design Example
• Lecture 4: Forward-Looking Problems
Lecture 1 Overview
• Hardware-Oriented Security
• Security Engineering
Hardware-Oriented Security
• Hardware-Oriented Security
• Security Engineering
What is Hardware Security?
• Many of the issues of hardware security are similar to traditional computer security
• Anything can be hacked, but the attacker has finite resources.
• Each security technique has tradeoffs.
What is Hardware Security?
• Foundry Trust
• Intellectual Property
• Operational Attacks
• Developmental Attacks
• System Assurance
What is Hardware Security?
• Interfaces
• Composition
• Metrics
• Education
Problems
• Global Supply Chain of Integrated Circuits
• System Assurance
Confronting Security at the Hardware Level
• Opportunities of the hardware level
• Challenges of the hardware level
A Brief Word About ‘Cyber’
• Beware of propaganda
• Think critically
Security Engineering
• Hardware-Oriented Security
• Security Engineering
Security Engineering
• Defending against skilled attackers is hard
• Holistic view of entire system
• Use the scientific method
• Every security technique has tradeoffs
Security Engineering
• Assume the enemy will be in your networks
• Increase the risk and cost for the adversary
Security Engineering
• Do not rely on security through obscurity
• Principle of least privilege
• Minimize system complexity
Security Engineering
• Reference monitor concept
• Separation (of duties and system components)
Security Engineering
• Penetrate & patch vs. inherently trustworthy
• Platform diversity
• Checklists and hardening guides
Security Engineering
• Study past success
• Secure defaults
• Backups, recovery, and rollback
Security Engineering
• Important Considerations
• Approaches to Security Engineering
Rigorous Design Practices
• Configuration management of tools/IP
• Eliminate support for insecure legacy technology
• Default configuration disables unnecessary services
Rigorous Design Practices
• Only develop the features needed
• Debugging messages not in production code
• Error messages that don’t reveal information
Rigorous Design Practices
• Secure coding practices
• Use of formal security analysis and evaluation
• Covert channel analysis
• Side channel analysis
Rigorous Design Practices
• Protocol analysis
• Robust protocols and authentication schemes
• Is the implementation faithful to the spec?
• Manage complexity. Reference monitor concept.
Self-protection
• Do not expose critical security functions to attack from other circuitry.
• Examples
Layered Dependencies
• Security-critical circuitry must not depend on circuitry of lesser trustworthiness
• In a trusted software stack, applications depend on OS libraries, which depend on the secure kernel
Lecture 1 Reading
• Secure Design
  – Reflections on Trusting Trust
    • http://dl.acm.org/citation.cfm?id=358210
  – The Protection of Information in Computer Systems
    • http://www.acsac.org/secshelf/papers/protection_information.pdf
  – Design Principles for Security (NPS Technical Report)
    • http://www.cisr.us/downloads/techpubs/nps_cs_05_010.pdf
Lecture 1 Reading
• Secure Design
  – Design and verification of secure systems
    • http://dl.acm.org/citation.cfm?id=806586
  – Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels
    • http://dl.acm.org/citation.cfm?id=357374
  – On the Buzzword ‘Security Policy’
    • http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=130789
Lecture 1 Reading
• Hardware-Oriented Security and Trust
  – Trustworthy Hardware: Identifying and Classifying Hardware Trojans
    • http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5604161
  – Security Engineering
    • http://www.cl.cam.ac.uk/~rja14/book.html
  – Micro-Architectural Cryptanalysis
    • http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4288047
  – Physical Unclonable Functions for Device Authentication and Secret Key Generation
    • http://dl.acm.org/citation.cfm?id=1278484
Lecture 1 Reading
• Physical Attacks
  – Temperature Attacks
    • http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4812164
  – Information Leakage from Optical Emanations
    • http://dl.acm.org/citation.cfm?id=545189
  – Differential Power Analysis
    • http://www.springerlink.com/content/kx35ub53vtrkh2nx/
  – Keyboard Acoustic Emanations
    • http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1301311
Lecture 1 Reading
• trust-HUB.org
  – http://trust-hub.org/
• Introduction to Hardware Security and Trust
  – http://springer.com/978-1-4419-8079-3
• Towards Hardware-Intrinsic Security
  – http://springer.com/978-3-642-14451-6