Evaluating Security Requirements in a General-Purpose Processor by Combining Assertion Checkers with Code Coverage

Technical Report | Accession Number: ADA570802

Abstract:

The problem of malicious inclusions in hardware is an emerging threat, and detecting them is a difficult challenge. In this research, we enhance an existing method for creating assertion-based dynamic checkers, and demonstrate how behavioral security requirements can be derived from a processor's architectural specification, then converted into security checkers that are part of the processor's design. The novel contributions of this research are:

- We demonstrate the method using a set of assertions, derived from the architectural specification, on a full-scale open-source general-purpose processor design, called OpenRISC. Previous work used only a single assertion on a toy processor design.
- We demonstrate the use of our checker-generator tool, called psl2hdl, which was created for this research.
- We illustrate how the method can be used in concert with code coverage techniques, to either detect malicious inclusions or greatly narrow the search for malicious inclusions that use rare-event triggers.
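The following is an added illustration of the abstract's third point, not code from the report or from the psl2hdl tool: a toy status-register model with a constructed rare-event malicious inclusion, a dynamic checker derived from an assumed architectural rule ("the supervisor-mode bit may only be set by reset or exception entry"), and branch coverage collected during simulation. The bit layout, the trigger value and the event names are all assumptions made for the example.

```python
import random

SR_SM = 1                # supervisor-mode flag of the status register (assumed layout)
TRIGGER = 0xDEADBEEF     # constructed rare-event trigger value, purely illustrative
BRANCHES = ("exception", "rfe", "user_op", "trojan")

class Core:
    """Tiny status-register model with an assertion checker attached."""
    def __init__(self):
        self.sr = SR_SM                 # reset enters supervisor mode
        self.covered = set()            # branch coverage gathered while simulating
        self.violations = 0             # number of times the checker fired

    def step(self, event, imm=0):
        prev_sm = self.sr & SR_SM
        if event == "exception":        # architecturally permitted entry to SM
            self.covered.add("exception"); self.sr |= SR_SM
        elif event == "rfe":            # return from exception: back to user mode
            self.covered.add("rfe"); self.sr &= ~SR_SM
        elif event == "user_op":
            self.covered.add("user_op")
            if imm == TRIGGER:          # constructed malicious inclusion: silent privilege grant
                self.covered.add("trojan"); self.sr |= SR_SM
        # Checker derived from the assumed rule "SM may only rise on reset or
        # exception entry"; like a psl2hdl-generated checker it watches signals,
        # not the RTL source, so it only fires when the rare trigger is exercised.
        if (self.sr & SR_SM) and not prev_sm and event != "exception":
            self.violations += 1

def simulate(seed, cycles, directed_trigger=False):
    """Run a test; return (checker violations, set of branches never executed)."""
    rng = random.Random(seed)
    core = Core()
    for _ in range(cycles):             # random stimulus, as a constrained-random test would give
        ev = rng.choice(("exception", "rfe", "user_op", "user_op"))
        core.step(ev, rng.getrandbits(32))
    if directed_trigger:                # directed stimulus aimed at the uncovered branch
        core.step("rfe"); core.step("user_op", TRIGGER)
    return core.violations, set(BRANCHES) - core.covered

if __name__ == "__main__":
    print(simulate(1, 20000))           # checker silent, but 'trojan' remains uncovered
    print(simulate(1, 20000, True))     # directed test reaches the branch; checker fires
```

The random run shows the combination the abstract describes: the checker alone stays silent because the trigger is never hit, while the coverage report points at the one unexecuted branch as the place to inspect or to target with a directed test. Note that the checker also stays silent if the trigger fires while the core is already in supervisor mode, which is another reason coverage data matters.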

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:
Approved For Public Release
Distribution Statement:
Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR