Collaborative Research: CT-T: Adaptive Security and Separation in Reconfigurable Hardware

合作研究：CT-T：可重构硬件中的自适应安全和分离

• 批准号: 0524707
• 负责人: Cynthia Irvine
• 金额: $ 28.26万
• 依托单位: Naval Postgraduate School
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2005
• 资助国家: 美国
• 起止时间: 2005-08-01 至 2008-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0524707&HistoricalAwards=false
• 关键词: Collaborative; Research; CT; Adaptive; Security

From Bluetooth transceivers to the NASA Mars Rover, reconfigurable circuits have become one of the mainstays of embedded design. Combining the high computational performance of specialized circuits with the re-programmability of software, these devices are quickly becoming ubiquitous. Unfortunately, if unprotected, this reconfigurability could be exploited to disrupt critical operations, snoop on supposedly secure channels, or even to physically melt a device. However, a new approach to controlling changes to the hardware logic promises to overcome these problems. In addition, the innate malleability of this hardware presents the opportunity for hardware enforcement of adaptive security policies. For example, in an emergency, trusted individuals may need to override the nominal security policy. Thus, the reconfigurable component may provide a highly trusted mechanism for secure functionality in changing environments.This research aims to close a gaping security hole in our nation's information infrastructure by enhancing the logical structure and internal management of reconfigurable hardware to enforce a dynamic information protection policy. Specifically, this research will: (1) discover hardware synthesis and static validation methods that will ensure that only secure and non-destructive configurations can be loaded, (2) develop new reconfigurable structures capable of securely mediating run-time access to shared resources through the use of hardware-compiled formal access policy languages, and (3) establish a firm foundation for trustworthy dynamic policy enforcement through ontological analysis, formal modeling and the development of management mechanisms integrating the results of the first two activities.

从蓝牙收发器到NASA火星探测器，可重构电路已成为嵌入式设计的支柱之一。将专用电路的高计算性能与软件的可重新编程性相结合，这些设备正迅速变得无处不在。不幸的是，如果不受保护，这种可重新配置性可能会被利用来破坏关键操作，窥探所谓的安全通道，甚至物理熔化设备。 然而，一种控制硬件逻辑变化的新方法有望克服这些问题。 此外，这种硬件固有的延展性为硬件执行自适应安全策略提供了机会。 例如，在紧急情况下，受信任的个人可能需要覆盖名义上的安全策略。因此，可重构组件可以提供一个高度可信的机制，在不断变化的环境中的安全功能。本研究的目的是关闭一个巨大的安全漏洞，在我国的信息基础设施，通过加强可重构硬件的逻辑结构和内部管理，以执行一个动态的信息保护策略。具体而言，这项研究将：（1）发现硬件综合和静态验证方法，其将确保仅可以加载安全和非破坏性配置，（2）开发能够通过使用硬件编译的形式访问策略语言来安全地调解对共享资源的运行时访问的新的可重新配置结构，（3）通过本体分析、形式化建模和管理机制的开发，为可信的动态策略执行奠定坚实的基础。