Improving Hardware Security During Design And Deployment

提高设计和部署过程中的硬件安全性

• 批准号: RGPIN-2022-03027
• 负责人: Tan, PengSengBenjamin
• 金额: $ 1.89万
• 依托单位: University of Calgary
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=752367
• 关键词: Improving; Hardware; Security; During; Design

The proliferation of interconnected devices, such as the Internet of Things, gives embedded computers an outsize role in accessing and affecting parts of our day-to-day lives. The ever-growing complexity of embedded systems presents challenges for maintaining security across their lifecycles. As Canada works towards greater digitalization, the need for knowledge and skills in secure hardware design continues to grow. As hardware forms the foundation of a secure system, we need tools and techniques that support computer hardware engineers to address security concerns. This research program seeks to enhance the security of digital hardware designs and to produce resilient hardware architectures for system-on-chips (SoCs), with the long-term objective to enable holistic and automated security-aware approaches for embedded system design. The program is structured across two overarching research objectives: (1) Understand, identify, and mitigate hardware security weaknesses at the design stage: weaknesses, including unintended bugs or malicious insertions, manifest at different levels of design; some lie within modules while others stem from integrating different components from different vendors. To prevent flaws from presenting as security vulnerabilities in the field, we want to understand what can go wrong during the design process and gain insights into what information is needed to automate the analysis of designs for unintended security issues. (2) Develop and characterize architectures for in-field adaptability to respond to security issues: given the near impossibility of bug-free designs (at least in the context of time-to-market pressures and design trade-offs), we aim to devise different approaches to provide an SoC with the capability to adapt to newly discovered security issues in the field and explore hardware-based solutions for security-related monitoring and intervention. To explore the design space, we will work towards formalizing different notions of "patchability" so that one can perform design space exploration to trade-off costs against potential security benefits when generating a patching infrastructure. The two objectives are interrelated, where insights into complex hardware design weaknesses that escape early detection can inform research in architectures for field adaptability, and where insights from post-deployment patching can inform the analysis of weaknesses in new hardware designs. Research from the proposed program will lead towards new approaches for security-enhanced SoC architectures and insights that will support hardware designers in avoiding security pitfalls. From diving into hardware weaknesses, we will better understand design-time security issues, leading to improved security-enhanced design practices and automated security analysis tools for hardware. Exploring architectures for adaptability leads to new ways to enhance resilience and the lifetime of embedded systems.

物联网等互连设备的激增使嵌入式计算机在访问和影响我们日常生活的各个方面发挥着巨大的作用。嵌入式系统日益增长的复杂性给维护整个生命周期的安全性带来了挑战。随着加拿大努力实现更大的数字化，对安全硬件设计知识和技能的需求不断增长。由于硬件构成了安全系统的基础，我们需要支持计算机硬件工程师解决安全问题的工具和技术。该研究计划旨在增强数字硬件设计的安全性，并为片上系统（SoC）生产弹性硬件架构，其长期目标是为嵌入式系统设计提供整体和自动化的安全感知方法。该计划的结构涵盖两个总体研究目标：（1）在设计阶段了解、识别和减轻硬件安全弱点：弱点，包括意外错误或恶意插入，在不同的设计层面表现出来；有些位于模块内，而另一些则源于集成来自不同供应商的不同组件。为了防止缺陷在现场表现为安全漏洞，我们希望了解设计过程中可能出现的问题，并深入了解需要哪些信息来自动分析意外的安全问题的设计。 (2) 开发和表征用于现场适应性的架构，以响应安全问题：考虑到无错误设计几乎不可能（至少在上市时间压力和设计权衡的背景下），我们的目标是设计不同的方法来为 SoC 提供适应现场新发现的安全问题的能力，并探索基于硬件的解决方案以进行安全相关的监控和干预。为了探索设计空间，我们将努力将“可修补性”的不同概念形式化，以便人们可以在生成修补基础设施时进行设计空间探索，以权衡成本与潜在的安全优势。这两个目标是相互关联的，其中对逃避早期检测的复杂硬件设计弱点的洞察可以为现场适应性架构的研究提供信息，而从部署后修补中获得的洞察可以为新硬件设计中的弱点分析提供信息。拟议项目的研究将带来增强安全性的 SoC 架构的新方法和见解，从而支持硬件设计人员避免安全陷阱。通过深入研究硬件弱点，我们将更好地了解设计时安全问题，从而改进硬件的安全增强设计实践和自动化安全分析工具。探索适应性架构带来了增强嵌入式系统的弹性和生命周期的新方法。