In Part 1 of this article, we explored five key factors that make security assurance of hardware technologies a challenge. This included the disruptive nature of research, the ever-expanding risk exposure, disproportionate user expectations, and more. In Part 2, I would like to explore how as a community we can work together to overcome these challenges.
“Failure is the mother of success.” The first step in building secure hardware technologies is to study and learn from the mistakes that designers commonly make. The good news is that these common hardware weaknesses no longer appear only as tribal knowledge.
The Common Weakness Enumeration (CWE) maintained by MITRE is a community-developed resource and has recently expanded to include almost 100 hardware weakness types.
Examples include issues concerning general circuit and logic design, security flows, debug and test, manufacturing and life cycle management, and more. It is crucial for architects, designers and verification teams to establish a firm understanding of each of these hardware weakness types and incorporate robust measures throughout the Security Development Lifecycle to prevent and detect similar issues from creeping into their technology products.
Next, recurring mistakes shown in Hardware CWE keep coming back year after year because the industry does not yet have the means to successfully prevent or detect them at scale. While developer education and adoption of best practices are very important, hardware development teams can also benefit from electronic design automation (EDA) solutions that are purposely built to assist users to develop secure product designs.
Most tools available today focus on detecting vulnerabilities after introduction. Yet, it is not uncommon to see designers attempting to fix a security issue while inadvertently introducing a new one.
The next generation of smart EDA solutions should do the following:
Guide users to make design tradeoffs that balance security and functional considerations.
Hardware designs are vulnerable to a broad spectrum of threats and concerns. What is the common set of metrics that best characterizes security robustness? With security objectives varying across technology products, how does the EDA solution know which ones are relevant for a given design? How would the metrics be translated into insights that help users embrace security as a top-of-mind priority?
Educate users on proper design-for-security best practices when security-sensitive design decisions are being made.
While classroom learning is one way to acquire secure-by-construction knowledge, seizing the on-the-job moments to raise user awareness can help reinforce adoption of important design practices. How would a smart solution offer timely security guidance that is actionable and prescriptive, but not overly intrusive?
Detect security issues at coding time and offer users reliable options for addressing them.
Word processors have been offering valuable help to users by highlighting and correcting spelling and grammatical mistakes inline when documents are being edited. Smarter versions offer options to improve the stylistic form of writing, and some even manage to analyze the context of the document and make suggestions to complete what the users are about to write. Likewise, a smart EDA solution can help users to identify and fix security vulnerabilities while code is being developed.
Recommend an optimized list of dynamic tests for execution.
Not all security properties can be verified by analyzing the design statically. Hardware simulation or emulation is required to monitor the run-time behaviors essential to identifying weaknesses involving race conditions, interactions with firmware, security flows, and more. Today, the burden of identifying which tests to run and which parameters to use falls on the shoulders of the development team.
Learn continuously from the user base to improve accuracy and quality.
No system is perfect, and a smart EDA solution is no exception. A self-learning system leveraging artificial intelligence and crowdsourced feedback has the potential to improve its capabilities over time.
Finally, in parallel to the relentless effort to keep security weaknesses out of the designs with the help of smart EDA solutions, innovation in systemic mitigations can also help to provide proven, security-robust building blocks that hardware designers can use to secure their technologies.
Software has been the primary attack target over the last decade. But the research community has made great strides in creating hardware-based solutions that secure the software workloads running on top of them. These systemic mitigations significantly raise the bar for attacks and minimize the negative impact of software exploitation, making practical attacks much harder to pull off even for the most determined adversaries. While software developers may continue to make common mistakes that previously could result in buffer overflows, many of these are no longer exploitable when hardware-based protections are active.
The hardware technology industry needs a level of research investment similar to that of software. Academic and industry research collaborations can help identify novel systemic mitigations that make entire classes of common hardware weaknesses difficult for adversaries to exploit. Here are some examples of where researchers can help:
Fault-resilient electronics and circuits.
Circuits that are resilient against physical attacks offer a level of assurance for the computing logic built on top of them. Today’s C compilers generate binaries that are resilient against memory corruption by automatically incorporating mitigations offered by the compiler, operating system and hardware platform. Likewise, hardware designers can benefit from design tools that automatically synthesize resilient circuits without user supervision. We need innovations that enable a device to detect when it is being operated outside of its verified ranges, or to self-heal to prolong the life span of its underlying electronics amid routine attacks.
Universal in-field update infrastructure.
As highlighted earlier, the landscape of remote update capabilities in hardware platforms today is similar to its software counterparts about a decade ago. Effective mechanisms are either missing or fragmented across technology providers. To keep up with the emerging threats and evolving product requirements, infrastructure that offers proactive updates covering all components of a system is essential.
Rather than having each vendor invent its own infrastructure and protocol, a universal in-field update mechanism backed by industry standards and supporting heterogeneous architectures and devices could be a more viable option.
Privacy-preserving hardware telemetry.
Telemetry collection has been a common practice in the software world. During software installation, users are often asked to provide permission for the applications to collect data for diagnostic and product improvement purposes.
Likewise, hardware telemetry can provide crucial insights that help designers root-cause complex issues reported in the field, detect attacks in real time, and accelerate the development of effective mitigations that scale across systems with different configurations. Research findings could point hardware designers to an optimized set of hardware telemetry that is both effective and privacy-preserving.
While challenging, hardware security is easily one of the most rewarding technology disciplines today. Hardware technologies that are secure and trustworthy are instrumental to improving lives and changing the world. Security could not be a more worthwhile and valuable focus. Through collaborative research, industry organizations and academia can together accelerate our ability to build such a trusted and secure foundation.
About the Author:
Jason M. Fung, Director of Academic Research Engagement & Offensive Security Research, Intel