Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.


1 Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy

2 Disclaimer
– The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.

3 About Me
– Assistant Professor of CS at NPS
– Research
  – Computer Architecture, Computer Security
  – Fast and Secure
  – Hardware-Oriented Security

4 Course Overview
– Lecture 1: Overview: Hardware-Oriented Security and Security Engineering
– Lecture 2: Reconfigurable Security Primitives
– Lecture 3: Apply Primitives to Memory Protection, Design Example
– Lecture 4: Forward-Looking Problems

5 Lecture 1 Overview
– Hardware-Oriented Security
– Security Engineering

6 Hardware-Oriented Security Security Engineering

7 What is Hardware Security?
– Many of the issues of hardware security are similar to traditional computer security
– Anything can be hacked, but the attacker has finite resources.
– Each security technique has tradeoffs.

8 What is Hardware Security?
– Foundry Trust
– Intellectual Property
– Operational Attacks
– Developmental Attacks
– System Assurance

9 What is Hardware Security?
– Interfaces
– Composition
– Metrics
– Education

10 Problems
– Global Supply Chain of Integrated Circuits
– System Assurance

11 Confronting Security at the Hardware Level
– Opportunities of the hardware level
– Challenges of the hardware level

12 A Brief Word About ‘Cyber’
– Beware of propaganda
– Think critically

13 Security Engineering Hardware-Oriented Security Security Engineering

14 Defending against skilled attackers is hard
– Holistic view of entire system
– Use the scientific method
– Every security technique has tradeoffs

15 Security Engineering
– Assume the enemy will be in your networks
– Increase the risk and cost for the adversary

16 Security Engineering
– Do not rely on security through obscurity
– Principle of least privilege
– Minimize system complexity

17 Security Engineering
– Reference monitor concept
– Separation (of duties and system components)

18 Security Engineering
– Penetrate & patch vs. inherently trustworthy
– Platform diversity
– Checklists and hardening guides

19 Security Engineering
– Study past success
– Secure defaults
– Backups, recovery, and rollback

20 Security Engineering
– Important Considerations
– Approaches to Security Engineering

21 Rigorous Design Practices
– Configuration management of tools/IP
– Eliminate support for insecure legacy technology
– Default configuration disables unnecessary services

22 Rigorous Design Practices
– Only develop the features needed
– Debugging messages not in production code
– Error messages that don’t reveal information

23 Rigorous Design Practices
– Secure coding practices
– Use of formal security analysis and evaluation
– Covert channel analysis
– Side channel analysis

24 Rigorous Design Practices
– Protocol analysis
– Robust protocols and authentication schemes
– Is the implementation faithful to the spec?
– Manage complexity.
– Reference monitor concept.

25 Self-protection
– Do not expose critical security functions to attack from other circuitry.
– Examples

26 Layered Dependencies
– Security-critical circuitry must not depend on circuitry of lesser trustworthiness
– In trusted software stack, applications depend on OS libraries, which depend on secure kernel
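
The layered-dependency rule on slide 26 can be checked mechanically over a design's dependency graph. The Python sketch below is an added example, not part of the original slides; the component names, the numeric trust levels and the `dependency_violations` helper are assumptions made for illustration.

```python
from collections import deque

# Constructed sample data: higher number = more trustworthy.
TRUST = {
    "application": 1, "os_library": 2, "secure_kernel": 3,  # slide's software stack
    "key_store": 3, "shared_bus": 2, "debug_port": 0,       # hypothetical circuitry
}
# "X depends on Y" edges; only the first three come from the slide's example.
DEPENDS_ON = {
    "application": ["os_library"],
    "os_library": ["secure_kernel"],
    "key_store": ["shared_bus"],
    "shared_bus": ["debug_port"],
}

def dependency_violations(trust, depends_on):
    """Return sorted (component, dependency, path) tuples for every case where
    a component relies, directly or transitively, on something less trusted.
    Every component named in depends_on must have an entry in trust."""
    violations = []
    for start in trust:
        seen = {start}
        queue = deque([(start, (start,))])
        while queue:  # breadth-first walk over everything `start` relies on
            node, path = queue.popleft()
            for dep in depends_on.get(node, ()):
                if dep in seen:
                    continue  # already visited; also guards against cycles
                seen.add(dep)
                new_path = path + (dep,)
                if trust[dep] < trust[start]:
                    violations.append((start, dep, new_path))
                queue.append((dep, new_path))
    return sorted(violations)

if __name__ == "__main__":
    for component, dep, path in dependency_violations(TRUST, DEPENDS_ON):
        print(f"{component} (trust {TRUST[component]}) relies on "
              f"{dep} (trust {TRUST[dep]}) via {' -> '.join(path)}")
```

The software stack from the slide passes because each layer depends only on a more trusted one, while the constructed `key_store` is flagged twice: once for the bus it sits on and once for the debug port it reaches through that bus.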

27 Lecture 1 Reading
– Secure Design
  – Reflections on Trusting Trust http://dl.acm.org/citation.cfm?id=358210
  – The Protection of Information in Computer Systems http://www.acsac.org/secshelf/papers/protection_information.pdf
  – Design Principles for Security (NPS Technical Report) http://www.cisr.us/downloads/techpubs/nps_cs_05_010.pdf

28 Lecture 1 Reading
– Secure Design
  – Design and verification of secure systems http://dl.acm.org/citation.cfm?id=806586
  – Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels http://dl.acm.org/citation.cfm?id=357374
  – On the Buzzword ‘Security Policy’ http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=130789

29 Lecture 1 Reading
– Hardware-Oriented Security and Trust
  – Trustworthy Hardware: Identifying and Classifying Hardware Trojans http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5604161
  – Security Engineering http://www.cl.cam.ac.uk/~rja14/book.html
  – Micro-Architectural Cryptanalysis http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4288047
  – Physical Unclonable Functions for Device Authentication and Secret Key Generation http://dl.acm.org/citation.cfm?id=1278484

30 Lecture 1 Reading
– Physical Attacks
  – Temperature Attacks http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4812164
  – Information Leakage from Optical Emanations http://dl.acm.org/citation.cfm?id=545189
  – Differential Power Analysis http://www.springerlink.com/content/kx35ub53vtrkh2nx/
  – Keyboard Acoustic Emanations http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1301311

31 Lecture 1 Reading
– trust-HUB.org
  – http://trust-hub.org/
– Introduction to Hardware Security and Trust
  – http://springer.com/978-1-4419-8079-3
– Towards Hardware-Intrinsic Security
  – http://springer.com/978-3-642-14451-6

