Abstract
Hardware security vulnerabilities have taken on greater importance over the last decade as academic and industry research has brought the issue to the forefront. The scope and breadth of these vulnerabilities have made them difficult to classify as has been done for software and network systems with the well-known Common Vulnerabilities and Exposures (CVE) database maintained by the MITRE Corporation. As further hardware security research continues, there is a requirement to standardize the language and references of academics, industry, and government alike. Without this common lexicon it becomes exceedingly difficult and potentially confusing when exchanging ideas, concepts, and methodologies across various sectors. Building and maintaining a glossary of terms, concepts, and concerns allows for a focus towards further research and development in the field of hardware security. In this paper, we review the nascent efforts by academia and industry in categorizing and documenting the existing hardware security landscape. The contributions of our work is an examination of the existing community efforts in the classification of hardware weakness with a specific focus on the CWE database. While current efforts are helping to contour the hardware landscape, similar to the work already performed for software and networks, the field is still evolving, and more work is required.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
CAPEC view: Domains of attack. http://capec.mitre.org/data/definitions/3000.html
Common Vulnerabilities and Exposures. https://cve.mitre.org/index.html
CWE glossary. https://cwe.mitre.org/documents/glossary/index.html#Weakness
CWE view: Hardware design. https://cwe.mitre.org/data/definitions/1194.html
Cyber physical systems security committee G-32 established by SAE international. https://saemobilus.sae.org/cybersecurity/news/2019/03/cyber-physical-systems-security-committee-g-32-established-by-sae
Introduction to STIX. https://oasis-open.github.io/cti-documentation/stix/intro
Introduction to TAXII. https://oasis-open.github.io/cti-documentation/taxii/intro.html
OASIS cyber threat intelligence (CTI) TC. https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cti
Trust-hub - the vulnerability database. https://trust-hub.org/vulnerability-db/physical-vulnerabilities
Altawy, R., Youssef, A.M.: Security, privacy, and safety aspects of civilian drones: a survey. ACM Trans. Cyber-Phys. Syst. 1(2), 1–25 (2016)
Bettayeb, M., Nasir, Q., Talib, M.A.: Firmware update attacks and security for IoT devices: survey. In: Proceedings of the ArabWIC 6th Annual International Conference Research Track, pp. 1–6 (2019)
Botero, U.J., et al.: Hardware trust and assurance through reverse engineering: a survey and outlook from image analysis and machine learning perspectives. arXiv preprint arXiv:2002.04210 (2020)
Camara, C., Peris-Lopez, P., Tapiador, J.E.: Security and privacy issues in implantable medical devices: a comprehensive survey. J. Biomed. Inform. 55, 272–289 (2015)
Coppolino, L., D’Antonio, S., Mazzeo, G., Romano, L.: A comprehensive survey of hardware-assisted security: from the edge to the cloud. Internet Things 6, 100055 (2019)
Giraldo, J., Sarkar, E., Cardenas, A.A., Maniatakos, M., Kantarcioglu, M.: Security and privacy in cyber-physical systems: a survey of surveys. IEEE Des. Test 34(4), 7–17 (2017)
Humayed, A., Lin, J., Li, F., Luo, B.: Cyber-physical systems security–a survey. IEEE Internet Things J. 4(6), 1802–1831 (2017)
Rostami, M., Koushanfar, F., Karri, R.: A primer on hardware security: models, methods, and metrics. In: Proceedings of the IEEE, vol. 102, no. 8, pp. 1283–1295 (2014)
Szefer, J.: Survey of microarchitectural side and covert channels, attacks, and defenses. J. Hardware Syst. Secur. 3(3), 219–234 (2019)
Tehranipoor, F., Karimian, N., Wortman, P.A., Haque, A., Fahrny, J., Chandy, J.A.: Exploring methods of authentication for the Internet of Things. In: Internet of Things, pp. 71–90. Chapman and Hall/CRC (2017)
Tehranipoor, M., et al.: TAME: trusted and assured microelectronics forum working groups report. https://www.erai.com/CustomUploads/ca/wp/TAME_Report.pdf, December 2019
Tschofenig, H., Baccelli, E.: Cyberphysical security for the masses: a survey of the internet protocol suite for internet of things security. IEEE Secur. Privacy 17(5), 47–57 (2019)
Urbina, D.I., et al.: Survey and new directions for physics-based attack detection in control systems. National Institute of Standards and Technology, US Department of Commerce (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Wortman, P.A., Tehranipoor, F., Chandy, J.A. (2021). Exploring the Coverage of Existing Hardware Vulnerabilities in Community Standards. In: Park, Y., Jadav, D., Austin, T. (eds) Silicon Valley Cybersecurity Conference. SVCC 2020. Communications in Computer and Information Science, vol 1383. Springer, Cham. https://doi.org/10.1007/978-3-030-72725-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-72725-3_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-72724-6
Online ISBN: 978-3-030-72725-3
eBook Packages: Computer ScienceComputer Science (R0)