Collaborative Research: SaTC: CORE: Medium: Hardware Security Insights: Analyzing Hardware Designs to Understand and Assess Security Weaknesses and Vulnerabilities

协作研究：SaTC：核心：中：硬件安全见解：分析硬件设计以了解和评估安全弱点和漏洞

• 批准号: 2247755
• 负责人: Ryan Kastner
• 金额: $ 57.1万
• 依托单位: University of California-San Diego
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247755&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

This project’s goal is to develop better methods for understanding how information flows in computer hardware designs, and thus increase their security. The microprocessors, wireless modems, graphics processing units, and other hardware components at the heart of all computing devices are designed by engineers using low-level hardware description languages. These designs are complex, making it difficult to reason about security vulnerabilities that may allow attackers to extract valuable secret information like cryptographic keys and personally identifiable information. Hardware security verification aims to identify hardware weaknesses, patch potential vulnerabilities, and mitigate the harm of attacks. Understanding how information flows in hardware designs can help verification engineers to assess whether secret data can be extracted by an attacker and to develop designs that prevent those vulnerable flows.The project is structured around three main aims that together will lead to improved tools for insights around hardware information flow tracking. The first aim is to automate the generation of information-flow properties, which can then be verified by existing tools. The second is to develop testbenches that fully exercise possible information flows through a design, using angelic execution oracles designed to maximize coverage of possible information flows. The third is to develop a new “hyperflow analysis” framework that provides both analytic representations to support algorithms for hardware design and verification, and visual representations that help verification engineers explore hardware vulnerabilities through an information-flow lens. The work will involve a number of undergraduate and graduate students, contributing to the development of the computer security workforce.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

这个项目的目标是开发更好的方法来理解信息如何在计算机硬件设计中流动，从而增加它们的安全性。微处理器、无线调制解调器、图形处理单元和其他所有计算设备的核心硬件组件都是由工程师使用低级硬件描述语言设计的。这些设计很复杂，很难推断出安全漏洞，这些漏洞可能允许攻击者提取有价值的秘密信息，如加密密钥和个人身份信息。硬件安全验证的目的是识别硬件的弱点，修补潜在的漏洞，减轻攻击的危害。了解硬件设计中的信息流可以帮助验证工程师评估秘密数据是否可以被攻击者提取，并开发防止这些易受攻击的信息流的设计。该项目围绕三个主要目标进行构建，这三个目标共同将导致改进的工具，以了解硬件信息流跟踪。第一个目标是自动化信息流属性的生成，然后可以通过现有工具进行验证。第二种方法是开发测试平台，通过设计充分执行可能的信息流，使用天使般的执行预言，以最大限度地覆盖可能的信息流。第三是开发一种新的“超流分析”框架，该框架既提供支持硬件设计和验证算法的分析表示，也提供帮助验证工程师通过信息流透镜探索硬件漏洞的可视化表示。这项工作将涉及一些本科生和研究生，为计算机安全队伍的发展做出贡献。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Isadora: automated information-flow property generation for hardware security verification

• DOI: 10.1007/s13389-022-00306-w
• 发表时间: 2022-11
• 期刊: Journal of Cryptographic Engineering
• 影响因子: 1.9
• 作者: Calvin Deutschbein;Andres Meza;Francesco Restuccia;R. Kastner;C. Sturton

Special Session: CAD for Hardware Security - Promising Directions for Automation of Security Assurance

• DOI: 10.1109/vts56346.2023.10140100
• 发表时间: 2023-04
• 期刊: 2023 IEEE 41st VLSI Test Symposium (VTS)
• 作者: Sohrab Aftabjahani;M. Tehranipoor;Farimah Farahmandi;Bulbul Ahmed;R. Kastner;Francesco Restuccia;Andres Meza;Kaki Ryan;Nicole Fern;J. V. Woudenberg;Rajesh Velegalati;Cees-Bart Breunesse;C. Sturton;Calvin Deutschbein

Automated Generation, Verification, and Ranking of Secure SoC Access Control Policies

安全 SoC 访问控制策略的自动生成、验证和排序

• DOI: 10.1145/3576914.3587508
• 发表时间: 2023
• 期刊: CPS-IoT Week '23: Cyber-Physical Systems and Internet of Things
• 作者: Meza, Andres;Kastner, Ryan
• 通讯作者: Kastner, Ryan