Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy
Disclaimer The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.
About Me Assistant Professor of CS at NPS Research –Computer Architecture, Computer Security –Fast and Secure –Hardware-Oriented Security
Course Overview Lecture 1: Overview: Hardware-Oriented Security and Security Engineering Lecture 2: Reconfigurable Security Primitives Lecture 3: Apply Primitives to Memory Protection, Design Example Lecture 4: Forward-Looking Problems
Lecture 1 Overview Hardware-Oriented Security Security Engineering
Hardware-Oriented Security Security Engineering
What is Hardware Security? Many of the issues of hardware security are similar to traditional computer security Anything can be hacked, but the attacker has finite resources. Each security technique has tradeoffs.
What is Hardware Security? Foundry Trust Intellectual Property Operational Attacks Developmental Attacks System Assurance
What is Hardware Security? Interfaces Composition Metrics Education
Problems Global Supply Chain of Integrated Circuits System Assurance
Confronting Security at the Hardware Level Opportunities of the hardware level Challenges of the hardware level
A Brief Word About ‘Cyber’ Beware of propaganda Think critically
Security Engineering Hardware-Oriented Security Security Engineering
Defending against skilled attackers is hard Holistic view of entire system Use the scientific method Every security technique has tradeoffs
Security Engineering Assume the enemy will be in your networks Increase the risk and cost for the adversary
Security Engineering Do not rely on security through obscurity Principle of least privilege Minimize system complexity
Security Engineering Reference monitor concept Separation (of duties and system components)
Security Engineering Penetrate & patch vs. inherently trustworthy Platform diversity Checklists and hardening guides
Security Engineering Study past success Secure defaults Backups, recovery, and rollback
Security Engineering Important Considerations Approaches to Security Engineering
Rigorous Design Practices Configuration management of tools/IP Eliminate support for insecure legacy technology Default configuration disables unnecessary services
Rigorous Design Practices Only develop the features needed Debugging messages not in production code Error messages that don’t reveal information
Rigorous Design Practices Secure coding practices Use of formal security analysis and evaluation Covert channel analysis Side channel analysis
Rigorous Design Practices Protocol analysis Robust protocols and authentication schemes Is the implementation faithful to the spec? Manage complexity. Reference monitor concept.
Self-protection Do not expose critical security functions to attack from other circuitry. Examples
Layered Dependencies Security-critical circuitry must not depend on circuitry of lesser trustworthiness In trusted software stack, applications depend on OS libraries, which depend on secure kernel
Lecture 1 Reading Secure Design – Reflections on Trusting Trust – The Protection of Information in Computer Systems on.pdf – Design Principles for Security (NPS Technical Report) f
Lecture 1 Reading Secure Design – Design and verification of secure systems – Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels – On the Buzzword ‘Security Policy’
Lecture 1 Reading Hardware-Oriented Security and Trust – Trustworthy Hardware: Identifying and Classifying Hardware Trojans – Security Engineering – Micro-Architectural Cryptanalysis – Physical Unclonable Functions for Device Authentication and Secret Key Generation
Lecture 1 Reading Physical Attacks – Temperature Attacks 64 – Information Leakage from Optical Emanations – Differential Power Analysis – Keyboard Acoustic Emanations 11
Lecture 1 Reading trust-HUB.org – Introduction to Hardware Security and Trust – Towards Hardware-Intrinsic Security –