Hardware Support for Trustworthy Systems

Ted HuffmireACACES 2012Fiuggi, Italy

Disclaimer

• The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.

About Me

• Assistant Professor of CS at NPS• Research

– Computer Architecture, Computer Security– Fast and Secure– Hardware-Oriented Security

Course Overview

• Lecture 1: Overview: Hardware-Oriented Security and Security Engineering

• Lecture 2: Reconfigurable Security Primitives• Lecture 3: Apply Primitives to Memory

Protection, Design Example• Lecture 4: Forward-Looking Problems

Lecture 1 Overview

• Hardware-Oriented Security• Security Engineering

Hardware-Oriented Security

• Hardware-Oriented Security• Security Engineering

What is Hardware Security?

• Many of the issues of hardware security are similar to traditional computer security

• Anything can be hacked, but the attacker has finite resources.

• Each security technique has tradeoffs.

What is Hardware Security?

• Foundry Trust• Intellectual Property• Operational Attacks• Developmental Attacks• System Assurance

What is Hardware Security?

• Interfaces• Composition• Metrics• Education

Problems

• Global Supply Chain of Integrated Circuits• System Assurance

Confronting Security at the Hardware Level

• Opportunities of the hardware level• Challenges of the hardware level

A Brief Word About ‘Cyber’

• Beware of propaganda• Think critically

Security Engineering

• Hardware-Oriented Security• Security Engineering

Security Engineering

• Defending against skilled attackers is hard• Holistic view of entire system• Use the scientific method• Every security technique has tradeoffs

Security Engineering

• Assume the enemy will be in your networks• Increase the risk and cost for the adversary

Security Engineering

• Do not rely on security through obscurity• Principle of least privilege• Minimize system complexity

Security Engineering

• Reference monitor concept• Separation (of duties and system components)

Security Engineering

• Penetrate & patch vs. inherently trustworthy• Platform diversity• Checklists and hardening guides

Security Engineering

• Study past success• Secure defaults• Backups, recovery, and rollback

Security Engineering

• Important Considerations• Approaches to Security Engineering

Rigorous Design Practices

• Configuration management of tools/IP• Eliminate support for insecure legacy

technology• Default configuration disables unnecessary

services

Rigorous Design Practices

• Only develop the features needed• Debugging messages not in production code• Error messages that don’t reveal information

Rigorous Design Practices

• Secure coding practices• Use of formal security analysis and evaluation• Covert channel analysis• Side channel analysis

Rigorous Design Practices

• Protocol analysis• Robust protocols and authentication schemes• Is the implementation faithful to the spec?• Manage complexity. Reference monitor

concept.

Self-protection

• Do not expose critical security functions to attack from other circuitry.

• Examples

Layered Dependencies

• Security-critical circuitry must not depend on circuitry of lesser trustworthiness

• In trusted software stack, applications depend on OS libraries, which depend on secure kernel

Lecture 1 Reading

• Secure Design– Reflections on Trusting Trust

• http://dl.acm.org/citation.cfm?id=358210– The Protection of Information in Computer Systems

• http://www.acsac.org/secshelf/papers/protection_information.pdf

– Design Principles for Security (NPS Technical Report)• http://www.cisr.us/downloads/techpubs/

nps_cs_05_010.pdf

Lecture 1 Reading

• Secure Design– Design and verification of secure systems

• http://dl.acm.org/citation.cfm?id=806586– Shared Resource Matrix Methodology: An

Approach to Identifying Storage and Timing Channels

• http://dl.acm.org/citation.cfm?id=357374– On the Buzzword ‘Security Policy’

• http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=130789

Lecture 1 Reading

• Hardware-Oriented Security and Trust– Trustworthy Hardware: Identifying and Classifying

Hardware Trojans• http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5604161

– Security Engineering• http://www.cl.cam.ac.uk/~rja14/book.html

– Micro-Architectural Cryptanalysis• http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4288047

– Physical Unclonable Functions for Device Authentication and Secret Key Generation

• http://dl.acm.org/citation.cfm?id=1278484

Lecture 1 Reading

• Physical Attacks– Temperature Attacks

• http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4812164

– Information Leakage from Optical Emanations• http://dl.acm.org/citation.cfm?id=545189

– Differential Power Analysis• http://www.springerlink.com/content/kx35ub53vtrkh2nx/

– Keyboard Acoustic Emanations• http://ieeexplore.ieee.org/xpls/abs_all.jsp?

arnumber=1301311

Lecture 1 Reading

• trust-HUB.org– http://trust-hub.org/

• Introduction to Hardware Security and Trust– http://springer.com/978-1-4419-8079-3

• Towards Hardware-Intrinsic Security– http://springer.com/978-3-642-14451-6