Principles of CMOS VLSI design: a systems perspective
Principles of CMOS VLSI design: a systems perspective
Hypervisor-based fault tolerance
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
The Byzantine Generals Problem
ACM Transactions on Programming Languages and Systems (TOPLAS)
IEEE Spectrum
A survey of rollback-recovery protocols in message-passing systems
ACM Computing Surveys (CSUR)
Silicon physical random functions
Proceedings of the 9th ACM conference on Computer and communications security
Internal architecture of Alpha 21164 microprocessor
COMPCON '95 Proceedings of the 40th IEEE Computer Society International Conference
Design and Analysis of Dual-Rail Circuits for Security Applications
IEEE Transactions on Computers
Design Method for Constant Power Consumption of Differential Logic Circuits
Proceedings of the conference on Design, Automation and Test in Europe - Volume 1
SubVirt: Implementing malware with virtual machines
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Trojan Detection using IC Fingerprinting
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Proceedings of the 1st ACM workshop on Virtual machine security
CPU Bugs, CPU Backdoors and Consequences on Security
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Trojan Side-Channels: Lightweight Hardware Trojans through Side-Channel Engineering
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
The epistemology of computer security
ACM SIGSOFT Software Engineering Notes
MOLES: malicious off-chip leakage enabled by side-channels
Proceedings of the 2009 International Conference on Computer-Aided Design
SeReCon: a secure reconfiguration controller for self-reconfigurable systems
International Journal of Critical Computer-Based Systems
A Trojan-resistant system-on-chip bus architecture
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Design Assurance Strategy and Toolset for Partially Reconfigurable FPGA Systems
ACM Transactions on Reconfigurable Technology and Systems (TRETS)
Security analysis of India's electronic voting machines
Proceedings of the 17th ACM conference on Computer and communications security
Detecting/preventing information leakage on the memory bus due to malicious hardware
Proceedings of the Conference on Design, Automation and Test in Europe
Self-referencing: a scalable side-channel approach for hardware Trojan detection
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Scalable segmentation-based malicious circuitry detection and diagnosis
Proceedings of the International Conference on Computer-Aided Design
Towards Trustworthy Elections
Hardware trojans for inducing or amplifying side-channel leakage of cryptographic software
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
VeriTrust: verification for hardware trust
Proceedings of the 50th Annual Design Automation Conference
FANCI: identification of stealthy malicious logic using boolean functional analysis
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Towards reducing the attack surface of software backdoors
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Implementation and implications of a stealth hard-drive backdoor
Proceedings of the 29th Annual Computer Security Applications Conference
Subverting system authentication with context-aware, reactive virtual machine introspection
Proceedings of the 29th Annual Computer Security Applications Conference
Hardware trojan resistant computation using heterogeneous COTS processors
ACSC '13 Proceedings of the Thirty-Sixth Australasian Computer Science Conference - Volume 135
Stealthy dopant-level hardware trojans
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
Preventing backdoors in server applications with a separated software architecture
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
SEC'13 Proceedings of the 22nd USENIX conference on Security
Sapper: a language for hardware-level security policy enforcement
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
| Hi-index | 0.01 |
Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hard-ware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses. We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one specific attack, can instead design hardware to support attacks. Such flexible hardware allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware. We show two such hardware designs, and implement them in a real system. Further, we show three powerful attacks using this hardware, including a login backdoor that gives an attacker complete and high-level access to the machine. This login attack requires only 1341 additional gates: gates that can be used for other attacks as well. Malicious processors are more practical, more flexible, and harder to detect than an initial analysis would suggest.