Abstract
One critical aspect of a secure hardware design is the ability to measure a design’s security. In this paper, we propose a hardware security assessment scheme that provides a systematic way of measuring and categorizing a hardware feature’s security concern at an early design stage. The proposed scheme is developed to measure security exposure and risk of a design. The scheme takes a two-level questionnaire format and scores a feature based on the answers to the questions. Based on the security score, a feature is then categorized into no, low, medium or high security concern. We discuss several representative questions in detail and evaluate a number of current and future processor features using the scheme. Overall, the assessments from our scheme concur with the security evaluation results by industry security experts, providing an effective security measurement for hardware designs.
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Huang, R., Grawrock, D., Doughty, D.C., Suh, G.E. (2011). Systematic Security Assessment at an Early Processor Design Stage. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_12
DOI: https://doi.org/10.1007/978-3-642-21599-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21598-8
Online ISBN: 978-3-642-21599-5
eBook Packages: Computer Science (R0)