Bridging the Hardware-Software Gap: A Proof-Carrying Approach for Computer Systems Trust Evaluation

Abstract

Major Goals: The globalization of the semiconductor supply chain has significantly lowered the design cost and shortened the time-to-market (TTM) of integrated circuits (ICs) in the electronics industry. Over the years, the semiconductor industry has been restructured and has made significant adjustments to adapt to the trend of globalization. Fabless semiconductor companies have focused on high-profit phases such as design, marketing, and sales, and have outsourced chip manufacturing, wafer fabrication, assembly, and packaging to third-party companies. The growth of fabless companies has also helped in the proliferation of the intellectual property (IP) industry. The use and reuse of existing commercial IPs has enabled improvements in TTM and cost reduction. Because of the globalization of the semiconductor supply chain, control over this industry has become decentralized among companies and governments. As a consequence, tracking the source of third-party IP cores and monitoring fabrication processes within the foundries has become increasingly difficult, creating unique security concerns for the semiconductor industry. Vulnerabilities in the pre- and post-silicon stages of an IC supply chain may enable IP piracy and allow the inclusion of Trojan circuits, which can hinder the growth of the hardware industry. In order to secure computer systems built from third-party components, security researchers in both the hardware and software areas have developed countermeasures to detect malicious modifications and have proposed various solutions to validate the trustworthiness of third-party resources. In the hardware domain, hardware Trojan detection, prevention, and trust evaluation methods have been proposed at the pre- and post-silicon stages to avoid the insertion of malicious logic in ICs. In the software domain, methods have been developed for kernel integrity defense and for the detection of malicious kernel extensions.

Document Details

Document Type
Technical Report
Publication Date
Oct 10, 2019
Accession Number
AD1222801

Entities

People

  • Yier Jin

Organizations

  • University of Florida

Tags

Readers

  • Cybersecurity
  • Industrial Economics
  • Software Engineering

Technology Areas

  • Microelectronics