Collaborative Research: SaTC: CORE: Medium: Hardware Security Insights: Analyzing Hardware Designs to Understand and Assess Security Weaknesses and Vulnerabilities

协作研究：SaTC：核心：中：硬件安全见解：分析硬件设计以了解和评估安全弱点和漏洞

• 批准号: 2247754
• 负责人: Cynthia Sturton
• 金额: $ 57.1万
• 依托单位: University of North Carolina at Chapel Hill
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247754&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

This project’s goal is to develop better methods for understanding how information flows in computer hardware designs, and thus increase their security. The microprocessors, wireless modems, graphics processing units, and other hardware components at the heart of all computing devices are designed by engineers using low-level hardware description languages. These designs are complex, making it difficult to reason about security vulnerabilities that may allow attackers to extract valuable secret information like cryptographic keys and personally identifiable information. Hardware security verification aims to identify hardware weaknesses, patch potential vulnerabilities, and mitigate the harm of attacks. Understanding how information flows in hardware designs can help verification engineers to assess whether secret data can be extracted by an attacker and to develop designs that prevent those vulnerable flows.The project is structured around three main aims that together will lead to improved tools for insights around hardware information flow tracking. The first aim is to automate the generation of information-flow properties, which can then be verified by existing tools. The second is to develop testbenches that fully exercise possible information flows through a design, using angelic execution oracles designed to maximize coverage of possible information flows. The third is to develop a new “hyperflow analysis” framework that provides both analytic representations to support algorithms for hardware design and verification, and visual representations that help verification engineers explore hardware vulnerabilities through an information-flow lens. The work will involve a number of undergraduate and graduate students, contributing to the development of the computer security workforce.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目标是开发更好的方法来理解信息如何在计算机硬件设计中流动，从而提高其安全性。微处理器、无线调制解调器、图形处理单元和所有计算设备核心的其他硬件组件都是由工程师使用低级硬件描述语言设计的。这些设计很复杂，很难推理出可能允许攻击者提取有价值的秘密信息（如加密密钥和个人身份信息）的安全漏洞。硬件安全验证旨在识别硬件弱点，修补潜在漏洞，并减轻攻击的危害。了解硬件设计中的信息流可以帮助验证工程师评估秘密数据是否可以被攻击者提取，并开发防止这些脆弱流的设计。该项目围绕三个主要目标构建，这些目标将共同导致改进的硬件信息流跟踪工具。第一个目标是自动生成信息流属性，然后可以通过现有工具进行验证。第二个是开发测试台，通过设计充分行使可能的信息流，使用天使般的执行神谕，旨在最大限度地覆盖可能的信息流。第三个是开发一个新的“超流分析”框架，提供分析表示，以支持硬件设计和验证算法，并通过信息流透镜，帮助验证工程师探索硬件漏洞的视觉表示。这项工作将涉及一些本科生和研究生，有助于计算机安全劳动力的发展。这个奖项反映了NSF的法定使命，并已被认为是值得通过使用基金会的智力价值和更广泛的影响审查标准进行评估的支持。