Bridging the Hardware-Software Gap: A Proof-Carrying Approach for Computer Systems Trust Evaluation

Abstract

The globalization of the semiconductor supply chain has significantly lowered the design cost and shortened the time-to-market (TTM) of Integrated Circuits (ICs) in the electronics industry. Over the years, the semiconductor industry has been restructured and has made significant adjustments to adapt to the trend of globalization. Fabless semiconductor companies have focused on high-profit phases such as design, marketing, and sales, and have outsourced chip manufacturing, wafer fabrication, assembly, and packaging to third-party companies. The growth of fabless companies has also helped the proliferation of the intellectual property (IP) industry. The use and reuse of existing commercial IPs has enabled improvements in TTM and cost reduction. Because of this globalization, control over the industry is now decentralized among companies and governments. As a consequence, tracking the source of third-party IP cores and monitoring fabrication processes within the foundries has become increasingly difficult, creating unique security concerns for the semiconductor industry. Vulnerabilities in the pre- and post-silicon stages of an IC supply chain may lead to IP piracy and allow the inclusion of Trojan circuits, which can hinder the growth of the hardware industry. In order to secure computer systems built from third-party components, security researchers in both the hardware and software areas have developed countermeasures to detect malicious modifications and have proposed various solutions to validate the trustworthiness of third-party resources. In the hardware domain, hardware Trojan detection, prevention, and trust evaluation methods have been proposed at the pre- and post-silicon stages to avoid the insertion of malicious logic in ICs. In the software domain, methods have been developed for kernel integrity defense and detection of malicious kernel extensions.

While the existing methods have proved effective in securing either the software or the hardware, system-level solutions targeting the entire computer system (particularly one composed of third-party software programs and hardware IPs) are lacking. The software security methods assume the trustworthiness of the underlying hardware infrastructure. Similarly, the hardware security solutions do not consider the possible threats from the firmware or OS running on top of the hardware. As a result, these methods fail to protect computer systems in which both the hardware and the software are vulnerable to attack. The semantic gap, which characterizes the difference between the operations performed by hardware and by software, has been the major obstacle to developing system-level security methods across the software-hardware boundary. Due to the lack of system-level protection, malicious software may exploit hardware backdoors and cause malfunctions or leak internal information, resulting in cross-layer attacks. Cross-layer attacks can easily evade either hardware-level or software-level detection methods and cause harm to computer systems...

Document Details

  • Document Type: DoD Grant Award
  • Publication Date: Oct 11, 2018
  • Source ID: W911NF1710477

Entities

People

  • Yier Jin

Organizations

  • Army Contracting Command
  • United States Army
  • University of Florida

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Integrated Circuit Design and Technology
  • Software Engineering

Technology Areas

  • Microelectronics