Systematic Security Assessment at an Early Processor Design Stage

  • Conference paper
Trust and Trustworthy Computing (Trust 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6740)

Abstract

One critical aspect of a secure hardware design is the ability to measure a design’s security. In this paper, we propose a hardware security assessment scheme that provides a systematic way of measuring and categorizing a hardware feature’s security concern at an early design stage. The proposed scheme is developed to measure the security exposure and risk of a design. The scheme takes a two-level questionnaire format and scores a feature based on the answers to the questions. Based on the security score, a feature is then categorized as being of no, low, medium or high security concern. We discuss several representative questions in detail and evaluate a number of current and future processor features using the scheme. Overall, the assessments from our scheme concur with the security evaluation results by industry security experts, providing an effective security measurement for hardware designs.

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Huang, R., Grawrock, D., Doughty, D.C., Suh, G.E. (2011). Systematic Security Assessment at an Early Processor Design Stage. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_12

  • DOI: https://doi.org/10.1007/978-3-642-21599-5_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21598-8

  • Online ISBN: 978-3-642-21599-5

  • eBook Packages: Computer Science (R0)
