1 / 39

Hardware Support for Trustworthy Systems

Hardware Support for Trustworthy Systems. Ted Huffmire ACACES 2012 Fiuggi , Italy. Disclaimer. The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense. Lecture 4 Overview. Forward-Looking Problems

missy
Download Presentation

Hardware Support for Trustworthy Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy

  2. Disclaimer • The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.

  3. Lecture 4 Overview • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  4. Trustworthy System Development • Maximize Performance • Minimize Cost • Integrate security mechanisms

  5. Example Systems • Tagged Architectures • Banking • Smart Phones • Embedded Systems • Medical Devices • Cars

  6. Example Systems • Discussion Points • What is the threat model for an ATM? • What is the threat model for a phone? • What is the threat model for a pacemaker? • What is the threat model for a car?

  7. CAD Tools and IP Cords • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  8. Trustworthy Tools and IP • Stripped-down alternative design flow

  9. Trustworthy Tools and IP • Discussion Points: • Can we trust the output of CAD tools? • Can we trust the function of IP cores? • How can we improve the CAD tools? • How can we improve the IP cores? • Is it feasible to develop from scratch? • What about the software?

  10. Security Usability • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  11. Security Usability • Design tools and techniques • Technicians • End users • Manage Complexity • Trigger1{M1,w,R1}; • Trigger2{M1,w,R2}; • Access0{M1,r,R1} |{M1,r,R2}|{M2,rw,R1}|{M2,rw,R2}; • Access1{M1,rw,R1} |{M1,r,R2}|{M2,w,R1}|{M2,rw,R2}; • Access12{M1,rw,R1}|{M1,rw,R2}|{M2,w,R1}|{M2,w,R2}; • Access2{M1,r,R1}|{M1,rw,R2}|{M2,w,R1}|{M2,w,R2}; • Access21{M1,rw,R1}|{M1,rw,R2}|{M2,w,R1}|{M2,w,R2}; • Path1 (|Trigger1 Access1* ( |Trigger2 Access12*)); • Path2 (|Trigger2 Access2* ( |Trigger1 Access21*)); • PolicyAccess0* (|Path1|Path2);

  12. Security Usability • Discussion Points • What do we expect from engineers? • What do we expect from technicians? • What do we expect from end users? • How does that guide our efforts?

  13. Hardware Trust of FPGA Fabric • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  14. DRAM DRAM DRAM DRAM DRAM DRAM DRAM DRAM DRAM DRAM BRAM BRAM DRAM DRAM μP μP BRAM BRAM SRAM Block BRAM BRAM FPGA Fabric μP μP BRAM BRAM SDRAM (off-chip) FPGA chip Hardware Trust • Compromise of FPGA fabric

  15. Hardware Trust • Discussion Points • Is it viable to attack the fabric itself? • Can a compromise be detected? • Can we use a compromised FPGA fabric? • What about radiation?

  16. Languages • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  17. Languages • Enhancements to HDLs • case({module_id,op,r1,r2}) • 9’b011110: //Module1,rw,Range1 • state=s0; • 9’b101101: //Module2,rw,Range2 • state=s0; • default: • state=s1; //reject • endcase

  18. Languages • Discussion Points • Are HDL security enhancements useful? • What is the impact on the designer? • Does it slow down the compiler? • Does it slow down the design itself?

  19. Configuration Management • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  20. Configuration Management • Tools • IP Cores CPU Core μP AES Crypto Core

  21. Configuration Management • Discussion Points • Is it useful to put CAD tools under CM? • Is it useful to put IP cores under CM? • What about licenses, patches, etc.?

  22. Securing the Supply Chain • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  23. Securing the Supply Chain • Trusted Packaging, Assembly, and Delivery • Testing

  24. Securing the Supply Chain • Discussion Points • Is malicious packaging useful to attacker? • Do we need trusted assembly facilities? • What about bad capacitors and resistors? • Can tests detect compromised parts? • Are tests destructive? What is the cost? • What tests need to be developed?

  25. Physical Attacks on FPGAs • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  26. Physical Attacks on FPGAs • Design theft and bitstream decryption • Analysis of failure modes • Antenna attack

  27. Physical Attacks on FPGAs • Discussion Points • How to protect bitstream from DPA? • Does an FPGA fail secure? • Is a configurable antenna useful? • How to detect a short-circuit?

  28. Dynamic Security • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  29. Dynamic Security • Partial reconfiguration

  30. Dynamic Security • Discussion Points • Can you change the policy? • How often does the policy change? • Who changes the policy? • Can you return to an earlier policy? • Can you change to a less restrictive policy? • Are policies static or generated dynamically? • How many policies are there?

  31. Split Manufacturing • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  32. Split Manufacturing • 2-D • 3-D

  33. Split Manufacturing • Discussion Points • Can we trust the result of split manufacturing? • Could this approach harm security? • What are the challenges of 2D? • What are the challenges of 3D? • Is it worth it? When is it worth it? • Why not use trusted foundry always? • Can we do everything from scratch?

  34. Concluding Remarks • Forward-Looking Problems • CAD Tools and IP Cores • Security Usability • Hardware Trust of FPGA Fabric • Languages • Configuration Management • Securing the Supply Chain • Physical Attacks on FPGAs • Dynamic Security • Split Manufacturing • Concluding Remarks

  35. Concluding Remarks • Security as High Priority in Design Practices • Tools and Cores • Attacks • Protection Mechanisms • Analysis of Cores, Tools, and Mechanisms • Electronic System Level (ESL) Design • Holistic View of Entire System & Lifecycle • Abstractions to Manage Complexity • Multiple Complementary Techniques • Multi-Core Systems

  36. Lecture 4 Reading • Tagged Architectures • Secure Program Execution via Dynamic Information Flow Tracking • http://portal.acm.org/citation.cfm?id=1024404 • Complete Information Flow Tracking from the Gates Up • http://dl.acm.org/citation.cfm?id=1508258 • Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security • http://dl.acm.org/citation.cfm?id=2000087

  37. Lecture 4 Reading • Banking • The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography • http://simonsingh.net/books/the-code-book/ • Why Cryptosystems Fail • http://www.cl.cam.ac.uk/~rja14/Papers/wcf.pdf • Chip and PIN is Broken • http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf

  38. Lecture 4 Reading • Embedded Systems Security • Security in Embedded Systems: Design Challenges • http://dl.acm.org/citation.cfm?id=1015049 • Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses • http://www.secure-medicine.org/icd-study/icd-study.pdf • Experimental Security Analysis of a Modern Automobile • http://www.autosec.org/pubs/cars-oakland2010.pdf • TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones • http://www.usenix.org/event/osdi10/tech/full_papers/Enck.pdf

  39. Lecture 4 Reading • Cryptography and Security: From Theory to Applications • http://springer.com/978-3-642-14451-6

More Related