Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically

Authors:
Matthew Hicks;Murph Finnicum;Samuel T. King;Milo M. K. Martin;Jonathan M. Smith
Affiliations:
-;-;-;-;-
Venue:
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Year:
2010

Citing 0
Cited 11

DISTROY: detecting integrated circuit Trojans with compressive measurements

HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Wireless security techniques for coordinated manufacturing and on-line hardware trojan detection

Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
VeriTrust: verification for hardware trust

Proceedings of the 50th Annual Design Automation Conference
SAFER PATH: security architecture using fragmented execution and replication for protection against trojaned hardware

DATE '12 Proceedings of the Conference on Design, Automation and Test in Europe
FANCI: identification of stealthy malicious logic using boolean functional analysis

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Towards reducing the attack surface of software backdoors

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Stealthy dopant-level hardware trojans

CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
Securing computer hardware using 3D integrated circuit (IC) technology and split manufacturing for obfuscation

SEC'13 Proceedings of the 22nd USENIX conference on Security
Temperature tracking: an innovative run-time approach for hardware Trojan detection

Proceedings of the International Conference on Computer-Aided Design
Hardware security: threat models and metrics

Proceedings of the International Conference on Computer-Aided Design

Quantified Score

Hi-index	0.00

Visualization

Abstract

The computer systems security arms race between attackers and defenders has largely taken place in the domain of software systems, but as hardware complexity and design processes have evolved, novel and potent hardware-based security threats are now possible. This paper presents a hybrid hardware/software approach to defending against malicious hardware. We propose BlueChip, a defensive strategy that has both a design-time component and a runtime component. During the design verification phase, BlueChip invokes a new technique, unused circuit identification (UCI), to identify suspicious circuitry—those circuits not used or otherwise activated by any of the design verification tests. BlueChip removes the suspicious circuitry and replaces it with exception generation hardware. The exception handler software is responsible for providing forward progress by emulating the effect of the exception generating instruction in software, effectively providing a detour around suspicious hardware. In our experiments, BlueChip is able to prevent all hardware attacks we evaluate while incurring a small runtime overhead.