CCRI: ENS: Enhancement of Trust-Hub, a Web-based Portal to support the Cybersecurity Research Community

CCRI：ENS：增强 Trust-Hub，这是一个支持网络安全研究社区的基于 Web 的门户网站

• 批准号: 2016624
• 负责人: Mark Tehranipoor
• 金额: $ 98.07万
• 依托单位: University of Florida
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-07-15 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2016624&HistoricalAwards=false
• 关键词: CCRI; ENS; Enhancement; Trust; Hub

Concerns about electronic hardware and supply chain security have received a tremendous amount of attention over the past decade or so. Although researchers have offered solutions and security mechanisms to mitigate the issues, they do not still evaluate their effectiveness in a systematic manner. Some research is still being carried out in an ad-hoc fashion where the published results rely on figures of merit that limit objective cross-field comparisons. However, this has become vital as system-on-chips (SoCs) become pervasive in virtually every application (mobile, internet of things (IoT), and critical systems). This project aims to build platforms to validate benchmarks, develop tools and metrics to validate SoC security, and create a web-portal to disseminate and promote research and development in securing electronics devices and systems. The intellectual merits of this project include development of (i) a comprehensive SoC vulnerability database, (ii) a comprehensive set of metrics based on the vulnerability database, (iii) SoC security validation tool suite, and (iv) SoC benchmarking. This project leads a community-wide framework, called the Trust-Hub, toward stronger assurances in SoCs, computational platforms, and the electronics supply chain. Based on the demonstrated success of information sharing, Trust-Hub will serve as an important web-based repository for benchmarks, tools, databases, platforms, evaluation software, source codes, and much more.The results will interest major semiconductor companies, US government agencies and university researchers worldwide. The broader impacts include benefits to the society by building secure and trustworthy electronic devices and systems for healthcare, defense, military, space, finance, transportation, automotive and other critical applications. The scientific results will be presented to the hardware and electronics security community, and to semiconductor companies and government agencies. Students will use the benchmarks and tools in the annual competitions. Finally, this project will support development of a workforce who understand the much-needed protection of electronics supply chain and intellectual property (IP).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在过去十年左右的时间里，对电子硬件和供应链安全的担忧受到了极大的关注。尽管研究人员已经提供了解决方案和安全机制来缓解这些问题，但他们仍然没有系统地评估其有效性。一些研究仍在以临时方式进行，所发表的结果依赖于限制客观跨领域比较的品质因数。然而，随着片上系统 (SoC) 几乎遍及所有应用（移动、物联网 (IoT) 和关键系统），这一点变得至关重要。该项目旨在构建平台来验证基准、开发工具和指标来验证 SoC 安全性，并创建一个门户网站来传播和促进电子设备和系统安全方面的研究和开发。该项目的智力优势包括开发 (i) 全面的 SoC 漏洞数据库，(ii) 基于漏洞数据库的一套全面的指标，(iii) SoC 安全验证工具套件，以及 (iv) SoC 基准测试。该项目领导了一个名为 Trust-Hub 的全社区框架，旨在为 SoC、计算平台和电子供应链提供更强有力的保证。基于信息共享所取得的成功，Trust-Hub 将成为一个重要的基于网络的基准、工具、数据库、平台、评估软件、源代码等存储库。其结果将引起主要半导体公司、美国政府的兴趣世界各地的机构和大学研究人员。更广泛的影响包括通过为医疗保健、国防、军事、太空、金融、交通、汽车和其他关键应用构建安全可靠的电子设备和系统，为社会带来好处。科学成果将提交给硬件和电子安全界、半导体公司和政府机构。学生将在年度竞赛中使用基准和工具。最后，该项目将支持培养一支了解电子供应链和知识产权 (IP) 急需保护的劳动力队伍。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优势和更广泛的评估进行评估，被认为值得支持。影响审查标准。

项目成果

Adaptable and Divergent Synthetic Benchmark Generation for Hardware Security

硬件安全的适应性和发散性综合基准生成

• 发表时间: 2020-11
• 期刊: IEEE/ACM International Conference on Computer-Aided Design (ICCAD
• 作者: Amir, Sarah;Forte, Domenic
• 通讯作者: Forte, Domenic

Hardware Vulnerability Description, Sharing and Reporting: Challenges and Opportunities

硬件漏洞描述、分享和报告：挑战与机遇

• 发表时间: 2021-01
• 期刊: GOMACTech
• 作者: Bellay, Jeremy;Forte, Domenic;Martin, Robert;Taylor, Christopher
• 通讯作者: Taylor, Christopher

PATRON: A Pragmatic Approach for Encoding LFI Resistant FSMs

PATRON：编码抗 LFI FSM 的实用方法

• 发表时间: 2021-01
• 期刊: Automation and Test in Europe (DATE
• 作者: Choudhury, Muhtadi;Tajik, Shahin;Forte, Domenic
• 通讯作者: Forte, Domenic

EXERTv2: Exhaustive Integrity Analysis for Information Flow Security with FSM Integration

EXERTv2：通过 FSM 集成对信息流安全进行详尽的完整性分析

• DOI: 10.1007/s41635-023-00141-3
• 发表时间: 2023-12-26
• 期刊: Journal of Hardware and Systems Security
• 作者: Jiaming Wu;Domenic Forte
• 通讯作者: Domenic Forte