CAREER: Untrusted Computing Base: Detecting and Removing Malicious Hardware

职业：不受信任的计算基础：检测和删除恶意硬件

• 批准号: 0953014
• 负责人: Samuel King
• 金额: $ 44.44万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-03-01 至 2015-02-28
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0953014&HistoricalAwards=false
• 关键词: CAREER; Untrusted; Computing; Base; Detecting

Computer systems security is an arms race between defenders andattackers that has mainly been confined to softwaretechnologies. Increases in the complexity of hardware and the risingnumber of transistors per chip have created opportunities forhardware-based security threats. Among the most pernicious aremalicious hardware footholds inserted at design time, which anattacker can use as the basis of a computer system attack.This project explores of the feasibility of foothold attacks and afundamental design-time methodology for defending against them.First, this project looks at techniques for highlighting potentiallymalicious circuits in a design automatically. The basic algorithm,called dead circuit identification (DCI), analyzes hardwaredescription language source code and dynamic execution traces ofdesign verification tests to identify suspicious circuitry whoseresults do not impact the computation.The second aspect of this project is a system for removing suspiciouscircuits from a design automatically. The dead circuit elimination(DCE) tool removes suspicious circuits from a design by pushingpotentially malicious logic up to a higher layer where it can beanalyzed in more detail at runtime.The third aspect of this project is a new technique for generatingtest cases and perturbing existing test cases to search specificallyfor potentially malicious circuits.This project provides a pathway to detection and defense againstsecurity risks from hardware comprising attacks, making the enormousdisruptions possible with such attacks far more difficult than today.

计算机系统安全是防御者和拦截者之间的军备竞赛，主要局限于软件技术。硬件复杂性的增加和每个芯片上晶体管数量的增加为基于硬件的安全威胁创造了机会。其中最有害的是在设计时插入的恶意硬件立足点，攻击者可以将其用作计算机系统攻击的基础。本项目探索立足点攻击的可行性和基本的设计时方法来防御它们。首先，本项目着眼于自动突出设计中潜在恶性电路的技术。基本算法称为死电路识别(DCI)，通过分析硬件描述语言源代码和设计验证测试的动态执行轨迹来识别不影响计算的可疑电路。本项目的第二个方面是自动从设计中去除可疑电路。死电路消除(DCE)工具通过将潜在的恶意逻辑推到更高层来移除设计中的可疑电路，在运行时可以对其进行更详细的分析。该项目的第三个方面是一种新技术，用于生成测试用例并扰乱现有测试用例以特定地搜索潜在的恶意电路。该项目提供了一种检测和防御包含攻击的硬件的安全风险的途径，使此类攻击可能造成的巨大中断比现在困难得多。