SECCOM: Securing composable hardware platforms

SECCOM：保护可组合硬件平台

• 批准号: EP/X037290/1
• 负责人: John Goodacre
• 金额: $ 100.62万
• 依托单位: University of Manchester
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2023
• 资助国家: 英国
• 起止时间: 2023 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FX037290%2F1
• 关键词: SECCOM; Securing; composable; hardware; platforms

Aligned with the UK Research Institute in Secure Hardware and Embedded Systems (RISE), this project seeks to identify and address the critical security issues arising from the creation of hardware platforms through the use of composable hardware systems. Predominantly, current hardware architectures are statically defined and deliver therefore a predetermined level of security and properties by which its resilience can be verified. In the simplest case, a static design supporting hardware extension, for example through a exported bus, such as PCIe, will deviate from the design's initial security principles and will require mechanisms of encapsulation in its security model to constrain the indeterminable mechanisms by which extension of a system can perturb a static security model. Although the provision of composable hardware may have understood security principles covering the creation of the resulting hardware platform, the arbitrary nature of composing the elements of a computer means that the resulting permutations lack any model of security by which threat models and mitigations can be evaluated. The project proposes to conceptualise and evaluate across the design space of composable hardware platforms to discover whether key security properties and threat models can be extracted and used to create a security model from which the security of composed hardware can be validated. Further, given the dynamic nature of composed hardware, we will also investigate whether composed hardware can use dynamic verification mechanisms to assert security policy at runtime. Beginning with platforms composed using PCI express switches in which the devices of a host can be shared and allocated dynamically between hosts, we will investigate the evolving and increased flexibility from Compute Express Link (CXL) and its ability to remove the host and device hierarchy while permitting any compute element to be a host or device while also providing shared access across the platform. The objective outcome is to provide industry with a security model for a composed hardware platform from which security principles can be reasoned and demonstrated by its dynamic verification.

该项目与英国安全硬件和嵌入式系统研究所（RISE）合作，旨在通过使用可组合硬件系统来识别和解决硬件平台创建过程中产生的关键安全问题。当前的硬件架构主要是静态定义的，因此提供了预定级别的安全性和属性，通过这些属性可以验证其弹性。 在最简单的情况下，支持硬件扩展（例如通过诸如PCIe的输出总线）的静态设计将偏离设计的初始安全原则，并且将需要在其安全模型中的封装机制来约束系统的扩展可能扰乱静态安全模型的不确定机制。尽管可组合硬件的提供可能已经理解了涵盖最终硬件平台的创建的安全原则，但组成计算机元素的任意性质意味着最终排列缺乏任何可以评估威胁模型和缓解措施的安全模型。该项目建议在可组合硬件平台的设计空间中进行概念化和评估，以发现是否可以提取关键的安全属性和威胁模型，并用于创建一个安全模型，从而验证组合硬件的安全性。此外，鉴于组合硬件的动态特性，我们还将研究组合硬件是否可以使用动态验证机制，在运行时断言安全策略。从使用PCI Express交换机组成的平台开始，其中主机的设备可以在主机之间动态共享和分配，我们将研究Compute Express Link（CXL）的不断发展和增加的灵活性，以及它消除主机和设备层次结构的能力，同时允许任何计算元素成为主机或设备，同时还提供跨平台的共享访问。其目标是为工业界提供一个组合硬件平台的安全模型，并通过动态验证来推理和证明安全原则。