Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.

Published byKory Charles Modified over 9 years ago

Similar presentations

Presentation on theme: "Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy."— Presentation transcript:

1 Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy

2 Disclaimer The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.

3 Lecture 4 Overview Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

4 Trustworthy System Development Maximize Performance Minimize Cost Integrate security mechanisms

5 Example Systems Tagged Architectures Banking Smart Phones Embedded Systems – Medical Devices – Cars

6 Example Systems Discussion Points – What is the threat model for an ATM? – What is the threat model for a phone? – What is the threat model for a pacemaker? – What is the threat model for a car?

7 CAD Tools and IP Cords Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

8 Trustworthy Tools and IP Stripped-down alternative design flow

9 Trustworthy Tools and IP Discussion Points: – Can we trust the output of CAD tools? – Can we trust the function of IP cores? – How can we improve the CAD tools? – How can we improve the IP cores? – Is it feasible to develop from scratch? – What about the software?

10 Security Usability Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

11 Security Usability Design tools and techniques Technicians End users Manage Complexity – Trigger 1  {M 1,w,R 1 }; – Trigger 2  {M 1,w,R 2 }; – Access 0  {M 1,r,R 1 } |{M 1,r,R 2 }|{M 2,rw,R 1 }|{M 2,rw,R 2 }; – Access 1  {M 1,rw,R 1 } |{M 1,r,R 2 }|{M 2,w,R 1 }|{M 2,rw,R 2 }; – Access 12  {M 1,rw,R 1 }|{M 1,rw,R 2 }|{M 2,w,R 1 }|{M 2,w,R 2 }; – Access 2  {M 1,r,R 1 }|{M 1,rw,R 2 }|{M 2,w,R 1 }|{M 2,w,R 2 }; – Access 21  {M 1,rw,R 1 }|{M 1,rw,R 2 }|{M 2,w,R 1 }|{M 2,w,R 2 }; – Path1  (  |Trigger 1 Access 1 * (  |Trigger 2 Access 12 *)); – Path2  (  |Trigger 2 Access 2 * (  |Trigger 1 Access 21 *)); – Policy  Access 0 * (  |Path 1 |Path 2 );

12 Security Usability Discussion Points – What do we expect from engineers? – What do we expect from technicians? – What do we expect from end users? – How does that guide our efforts?

13 Hardware Trust of FPGA Fabric Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

14 Hardware Trust Compromise of FPGA fabric SDRAM (off-chip) DRAM FPGA chip μPμP μPμP μPμP μPμP SRAM Block BRAM FPGA Fabric

15 Hardware Trust Discussion Points – Is it viable to attack the fabric itself? – Can a compromise be detected? – Can we use a compromised FPGA fabric? – What about radiation?

16 Languages Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

17 Languages Enhancements to HDLs – case({module_id,op,r1,r2}) 9 ’ b011110: //Module 1,rw,Range 1 – state=s0; 9 ’ b101101: //Module 2,rw,Range 2 – state=s0; default: – state=s1; //reject – endcase

18 Languages Discussion Points – Are HDL security enhancements useful? – What is the impact on the designer? – Does it slow down the compiler? – Does it slow down the design itself?

19 Configuration Management Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

20 Configuration Management Tools IP Cores Crypto Core CPU Core AES μPμP

21 Configuration Management Discussion Points – Is it useful to put CAD tools under CM? – Is it useful to put IP cores under CM? – What about licenses, patches, etc.?

22 Securing the Supply Chain Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

23 Securing the Supply Chain Trusted Packaging, Assembly, and Delivery Testing

24 Securing the Supply Chain Discussion Points – Is malicious packaging useful to attacker? – Do we need trusted assembly facilities? – What about bad capacitors and resistors? – Can tests detect compromised parts? – Are tests destructive? What is the cost? – What tests need to be developed?

25 Physical Attacks on FPGAs Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

26 Physical Attacks on FPGAs Design theft and bitstream decryption Analysis of failure modes Antenna attack

27 Physical Attacks on FPGAs Discussion Points – How to protect bitstream from DPA? – Does an FPGA fail secure? – Is a configurable antenna useful? – How to detect a short-circuit?

28 Dynamic Security Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

29 Dynamic Security Partial reconfiguration

30 Dynamic Security Discussion Points – Can you change the policy? – How often does the policy change? – Who changes the policy? – Can you return to an earlier policy? – Can you change to a less restrictive policy? – Are policies static or generated dynamically? – How many policies are there?

31 Split Manufacturing Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

32 Split Manufacturing 2-D 3-D

33 Split Manufacturing Discussion Points – Can we trust the result of split manufacturing? – Could this approach harm security? – What are the challenges of 2D? – What are the challenges of 3D? – Is it worth it? When is it worth it? – Why not use trusted foundry always? – Can we do everything from scratch?

34 Concluding Remarks Forward-Looking Problems – CAD Tools and IP Cores – Security Usability – Hardware Trust of FPGA Fabric – Languages – Configuration Management – Securing the Supply Chain – Physical Attacks on FPGAs – Dynamic Security – Split Manufacturing Concluding Remarks

35 Security as High Priority in Design Practices Tools and Cores Attacks Protection Mechanisms Analysis of Cores, Tools, and Mechanisms Electronic System Level (ESL) Design Holistic View of Entire System & Lifecycle Abstractions to Manage Complexity Multiple Complementary Techniques Multi-Core Systems

36 Lecture 4 Reading Tagged Architectures – Secure Program Execution via Dynamic Information Flow Tracking http://portal.acm.org/citation.cfm?id=1024404 – Complete Information Flow Tracking from the Gates Up http://dl.acm.org/citation.cfm?id=1508258 – Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security http://dl.acm.org/citation.cfm?id=2000087

37 Lecture 4 Reading Banking – The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography http://simonsingh.net/books/the-code-book/ – Why Cryptosystems Fail http://www.cl.cam.ac.uk/~rja14/Papers/wcf.pdf – Chip and PIN is Broken http://www.cl.cam.ac.uk/~sjm217/papers/oakland10ch ipbroken.pdf

38 Lecture 4 Reading Embedded Systems Security – Security in Embedded Systems: Design Challenges http://dl.acm.org/citation.cfm?id=1015049 – Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses http://www.secure-medicine.org/icd-study/icd-study.pdf – Experimental Security Analysis of a Modern Automobile http://www.autosec.org/pubs/cars-oakland2010.pdf – TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones http://www.usenix.org/event/osdi10/tech/full_papers/Enck.pdf

39 Lecture 4 Reading Cryptography and Security: From Theory to Applications – http://springer.com/978-3-642-14451-6

Download ppt "Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy."

Similar presentations

FPGA (Field Programmable Gate Array)

FPGA (Field Programmable Gate Array)
Operating System Security

Operating System Security
Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.

Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
HTR: On-Chip Hardware Task Relocation for Partially Reconfigurable FPGAs + Also Affiliated with NSF Center for High- Performance Reconfigurable Computing.

HTR: On-Chip Hardware Task Relocation for Partially Reconfigurable FPGAs + Also Affiliated with NSF Center for High- Performance Reconfigurable Computing.
G53SEC 1 Hardware Security The (slightly) more tactile side of security.

G53SEC 1 Hardware Security The (slightly) more tactile side of security.
Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.
EELE 367 – Logic Design Module 2 – Modern Digital Design Flow Agenda 1.History of Digital Design Approach 2.HDLs 3.Design Abstraction 4.Modern Design Steps.

EELE 367 – Logic Design Module 2 – Modern Digital Design Flow Agenda 1.History of Digital Design Approach 2.HDLs 3.Design Abstraction 4.Modern Design Steps.
Introduction CSCI 444/544 Operating Systems Fall 2008.

Introduction CSCI 444/544 Operating Systems Fall 2008.
Nios II Processor-Based Self- Adaptive QRS Detection System Institution: Indian Institute of Technology, Kharagpur Participants: Sai Prashanth, Prashant.

Nios II Processor-Based Self- Adaptive QRS Detection System Institution: Indian Institute of Technology, Kharagpur Participants: Sai Prashanth, Prashant.
Addressing Supply Chain Security with Split Manufacturing Ted Huffmire Summer UCI CECS Seminar July 27, 2012.

Addressing Supply Chain Security with Split Manufacturing Ted Huffmire Summer UCI CECS Seminar July 27, 2012.
3Dsec: Trustworthy System Security through 3-D Integrated Hardware Ted Huffmire 14 January 2009.

3Dsec: Trustworthy System Security through 3-D Integrated Hardware Ted Huffmire 14 January 2009.
Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream Lilian Bossuet 1,

Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream Lilian Bossuet 1,
1 HW/SW Partitioning Embedded Systems Design. 2 Hardware/Software Codesign “Exploration of the system design space formed by combinations of hardware.

1 HW/SW Partitioning Embedded Systems Design. 2 Hardware/Software Codesign “Exploration of the system design space formed by combinations of hardware.
ENGIN112 L38: Programmable Logic December 5, 2003 ENGIN 112 Intro to Electrical and Computer Engineering Lecture 38 Programmable Logic.

ENGIN112 L38: Programmable Logic December 5, 2003 ENGIN 112 Intro to Electrical and Computer Engineering Lecture 38 Programmable Logic.
Department of Electrical and Computer Engineering Texas A&M University College Station, TX 77843-3128 Abstract 4-Level Elevator Controller Lessons Learned.

Department of Electrical and Computer Engineering Texas A&M University College Station, TX Abstract 4-Level Elevator Controller Lessons Learned.
Configurable System-on-Chip: Xilinx EDK

Configurable System-on-Chip: Xilinx EDK
Lecture 1: Introduction CS170 Spring 2015 Chapter 1, the text book. T. Yang.

Lecture 1: Introduction CS170 Spring 2015 Chapter 1, the text book. T. Yang.
HW/SW Co-Synthesis of Dynamically Reconfigurable Embedded Systems HW/SW Partitioning and Scheduling Algorithms.

HW/SW Co-Synthesis of Dynamically Reconfigurable Embedded Systems HW/SW Partitioning and Scheduling Algorithms.
הטכניון - מכון טכנולוגי לישראל הפקולטה להנדסת חשמל Technion - Israel institute of technology department of Electrical Engineering Virtex II-PRO Dynamical.

הטכניון - מכון טכנולוגי לישראל הפקולטה להנדסת חשמל Technion - Israel institute of technology department of Electrical Engineering Virtex II-PRO Dynamical.

Similar presentations

Ads by Google