论文信息 - Systematic Security Assessment at an Early Processor Design Stage

Systematic Security Assessment at an Early Processor Design Stage

One critical aspect of a secure hardware design is the ability to measure a design's security. In this paper, we propose a hardware security assessment scheme that provides a systematic way of measuring and categorizing a hardware feature's security concern at an early design stage. The proposed scheme is developed to measure security exposure and risk of a design. The scheme takes a two level questionnaire format and scores a feature based on the answers to the questions. Based on the security score, a feature is then categorized into no, low, medium or high security concern. We discuss several representative questions in detail and evaluate a number of current and future processor features using the scheme. Overall, the assessments from our scheme concur with the security evaluation results by industry security experts, providing an effective security measurement for hardware designs.

G. Edward Suh | David Grawrock | Ruirui C. Huang | David C. Doughty

[1] Robert Lindell,et al. An Analysis of the Intel 80x86 Security Architecture and Implementations , 1996, IEEE Trans. Software Eng..

[2] Stuart E. Schechter,et al. Quantitatively Differentiating System Security , 2002 .

[3] Dengguo Feng,et al. Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing , 2005, IACR Cryptol. ePrint Arch..

[4] Wayne A. Jansen,et al. Directions in Security Metrics Research , 2009 .

[5] Bruce Schneier,et al. Side channel cryptanalysis of product ciphers , 2000 .

[6] Geoffrey Strongin. Trusted computing using AMD "Pacifica" and "Presidio" secure virtual machine technology , 2005, Inf. Secur. Tech. Rep..

[7] Stuart E. Schechter. Toward econometric models of the security risk from remote attacks , 2005, IEEE Security & Privacy.

[8] D. B. Davis,et al. Intel Corp. , 1993 .

[9] Mahadev Satyanarayanan,et al. Quantifying the Strength of Security Systems , 2007, HotSec.

[10] Stuart E. Schechter. How to Buy Better Testing , 2002, InfraSec.

[11] Jim Goldman,et al. Metrics based security assessment (MBSA): combining the ISO 17799 standard with the systems security engineering capability maturity model (SSE-CMM) , 2004 .

[12] Jeannette M. Wing,et al. A Formal Model for a System's Attack Surface , 2011, Moving Target Defense.