Collaborative Research: SaTC: CORE: Medium: Hardware Security Insights: Analyzing Hardware Designs to Understand and Assess Security Weaknesses and Vulnerabilities

协作研究：SaTC：核心：中：硬件安全见解：分析硬件设计以了解和评估安全弱点和漏洞

• 批准号: 2247755
• 负责人: Ryan Kastner
• 金额: $ 57.1万
• 依托单位: University of California-San Diego
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247755&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

This project’s goal is to develop better methods for understanding how information flows in computer hardware designs, and thus increase their security. The microprocessors, wireless modems, graphics processing units, and other hardware components at the heart of all computing devices are designed by engineers using low-level hardware description languages. These designs are complex, making it difficult to reason about security vulnerabilities that may allow attackers to extract valuable secret information like cryptographic keys and personally identifiable information. Hardware security verification aims to identify hardware weaknesses, patch potential vulnerabilities, and mitigate the harm of attacks. Understanding how information flows in hardware designs can help verification engineers to assess whether secret data can be extracted by an attacker and to develop designs that prevent those vulnerable flows.The project is structured around three main aims that together will lead to improved tools for insights around hardware information flow tracking. The first aim is to automate the generation of information-flow properties, which can then be verified by existing tools. The second is to develop testbenches that fully exercise possible information flows through a design, using angelic execution oracles designed to maximize coverage of possible information flows. The third is to develop a new “hyperflow analysis” framework that provides both analytic representations to support algorithms for hardware design and verification, and visual representations that help verification engineers explore hardware vulnerabilities through an information-flow lens. The work will involve a number of undergraduate and graduate students, contributing to the development of the computer security workforce.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目标是开发更好的方法来理解信息在计算机硬件设计中的流动方式，从而提高其安全性。所有计算设备的核心微处理器、无线调制解调器、图形处理单元和其他硬件组件均由工程师使用它来设计。这些设计很复杂，因此很难推断出可能允许攻击者提取有价值的秘密信息（例如加密密钥和个人身份信息）的安全漏洞。硬件安全验证的目的是识别硬件弱点，修补潜在的漏洞，并减轻了解信息在硬件设计中的流动方式可以帮助验证工程师评估攻击者是否可以提取秘密数据，并开发防止这些易受攻击的信息流的设计。该项目围绕三个主要目标构建，这三个目标共同将导致改进用于洞察硬件信息流跟踪的工具，第一个目标是自动生成信息流属性，然后可以通过现有工具进行验证，第二个目标是开发测试平台，通过使用天使来充分运用可能的信息流。旨在最大限度地覆盖可能的信息流的执行预言机。第三是开发一个新的“超流分析”框架，该框架既提供支持硬件设计和验证算法的分析表示，又提供帮助验证工程师通过信息流镜头探索硬件漏洞的视觉表示。这项工作将涉及许多本科生。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Isadora: automated information-flow property generation for hardware security verification

Isadora：用于硬件安全验证的自动化信息流属性生成

• DOI: 10.1007/s13389-022-00306-w
• 发表时间: 2022-11-11
• 期刊: Journal of Cryptographic Engineering
• 影响因子: 1.9
• 作者: Calvin Deutschbein;Andres Meza;Francesco Restuccia;R. Kastner;C. Sturton
• 通讯作者: C. Sturton

Special Session: CAD for Hardware Security - Promising Directions for Automation of Security Assurance

特别会议：硬件安全 CAD - 安全保障自动化的有希望的方向

• DOI: 10.1109/vts56346.2023.10140100
• 发表时间: 2023-04
• 期刊: 2023 IEEE 41st VLSI Test Symposium (VTS
• 作者: Aftabjahani, Sohrab;Tehranipoor, Mark;Farahmandi, Farimah;Ahmed, Bulbul;Kastner, Ryan;Restuccia, Francesco;Meza, Andres;Ryan, Kaki;Fern, Nicole;van Woudenberg, Jasper;et al
• 通讯作者: et al

Automated Generation, Verification, and Ranking of Secure SoC Access Control Policies

安全 SoC 访问控制策略的自动生成、验证和排序

• DOI: 10.1145/3576914.3587508
• 发表时间: 2023-05
• 期刊: CPS-IoT Week '23: Cyber-Physical Systems and Internet of Things
• 作者: Meza, Andres;Kastner, Ryan
• 通讯作者: Kastner, Ryan