A Cautionary Note Regarding the Data Integrity Capacity of Certain Secure Systems

Irvine, Cynthia E.; Levin, Timothy E.

doi:10.1007/978-0-387-35583-2_1

Cited by 9 publications

(7 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Given that different design tools produce a set of interoperating cores, and in the absence of an overarching security architecture, you can only trust your final system as much as you trust your leasttrusted design path. 6 If there is security-critical functionality (such as a unit that protects and operates on secret keys), there is no way to verify that other cores cannot snoop on it or tamper with it.…”

Section: The Composition Problemmentioning

confidence: 99%

Managing Security in FPGA-Based Embedded Systems

Huffmire

Brotherton

Sherwood³

et al. 2008

IEEE Des. Test. Comput.

View full text Add to dashboard Cite

&BECAUSE FPGAS CAN provide a useful balance between performance, rapid time to market, and flexibility, they have become the primary source of computation in many critical embedded systems. 1,2 The aerospace industry, for example, relies on FPGAs to control everything from the Joint Strike Fighter to the Mars Rover. Face recognition systems, wireless networks, intrusion detection systems, and supercomputers, all of which are employed in large security applications, also use FPGAs. In fact, in 2005 alone, an estimated 80,000 different commercial FPGA design projects began. 3 Because major IC manufacturers outsource most of their operations, 4 IP theft from a foundry is a serious concern. FPGAs provide a viable solution to this problem because the sensitive IP is not loaded onto the device until after it has been manufactured and delivered, making it harder for adversaries to target a specific application or user. Furthermore, modern FPGAs use bitstream encryption and other methods to protect IP once it is loaded onto the FPGA or an external memory. However, techniques beyond bitstream encryption are necessary to ensure FPGA design security. To save time and money, FPGA systems are typically cobbled together from a collection of existing computational cores, often obtained from third parties. These cores can be subverted during the design phase, by tampering with the tools used to translate the design to the cores or by tampering with the cores themselves. Building every core and tool from scratch is not economically feasible in most cases, and subversion can affect both third-party cores and cores developed in-house. Therefore, embedded designers need methods for securely composing systems comprising both trusted and untrusted components. 590 FPGAs combine the programmability of processors with the performance of custom hardware. As they become more common in critical embedded systems, new techniques are necessary to manage security in FPGA designs. This article discusses FPGA security problems and current research on reconfigurable devices and security, and presents security primitives and a component architecture for building highly secure systems on FPGAs.

show abstract

Section: The Composition Problemmentioning

confidence: 99%

Managing Security in FPGA-Based Embedded Systems

Huffmire

Brotherton

Sherwood³

et al. 2008

IEEE Des. Test. Comput.

View full text Add to dashboard Cite

show abstract

“…So, we say that the integrity of a modifiable object can be no higher than the greatest lower bound of the integrity, or trustworthiness, of the components on an execution path through which it is passed. [3] But, how trustworthy is a component? A component can be evaluated to determine how well it conforms to its specification and is free of hidden functions (here, "evaluated" means that the software is certified by a third party to have a level of assurance commensurate with the integrity of the data it is assigned to handle).…”

Section: Security Analysismentioning

confidence: 99%

“…The security of remote processing and network transmission are outside of the scope of this report, although technology for that security probably exists (e.g., through cryptographic 3 As opposed to its integrity label protection of IP packets). We also assume that the data, as created, reflects the creator's intent.…”

Section: Security Analysismentioning

confidence: 99%

Use of Trusted Software Modules for Emergency-Integrity Display

Levin¹,

Nguyen²,

Clark³

et al. 2008

Self Cite

View full text Add to dashboard Cite

“…For accounts of the difficulties involved in creating such trusted hardware see [13,31] for an attacker's perspective and [15,48] for a defender's perspective. Irvine and Levin [32] provide a warning about placing too much trust in the integrity of COTS.…”

Section: Related Workmentioning

confidence: 99%

Dynamic Policy Discovery with Remote Attestation

Pitcher

Riely

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Remote attestation allows programs running on trusted hardware to prove their identity (and that of their environment) to programs on other hosts. Remote attestation can be used to address security concerns if programs agree on the meaning of data in attestations. This paper studies the enforcement of codeidentity based access control policies in a hostile distributed environment, using a combination of remote attestation, dynamic types, and typechecking. This ensures that programs agree on the meaning of data and cannot violate the access control policy, even in the presence of opponent processes. The formal setting is a π-calculus with secure channels, process identity, and remote attestation. Our approach allows executables to be typechecked and deployed independently, without the need for secure initial key and policy distribution beyond the trusted hardware itself.

show abstract

A Cautionary Note Regarding the Data Integrity Capacity of Certain Secure Systems

Cited by 9 publications

References 16 publications

Managing Security in FPGA-Based Embedded Systems

Managing Security in FPGA-Based Embedded Systems

Use of Trusted Software Modules for Emergency-Integrity Display

Dynamic Policy Discovery with Remote Attestation

Contact Info

Product

Resources

About