Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • IT Management

    Solving Your Hardware Security Challenges, Part 2

    Development teams can benefit from electronic design automation (EDA) solutions that are purposely built to assist users to develop secure product designs.

    By
    eWEEK EDITORS
    -
    November 4, 2021
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      In Part 1 of this article, we explored five key factors that make security assurance of hardware technologies a challenge. This included the disruptive nature of research, the ever-expanding risk exposure, disproportionate user expectations, and more. In Part 2, I would like to explore how as a community we can work together to overcome these challenges.

      “Failure is the mother of success.” The first step in building secure hardware technologies is to study and learn from the mistakes that designers commonly make. The good news is that these common hardware weaknesses no longer appear only as tribal knowledge.

      The Common Weakness Enumeration (CWE) maintained by MITRE is a community-developed resource and has recently expanded to include almost 100 hardware weakness types.

      Examples include issues concerning general circuit and logic design, security flows, debug and test, manufacturing and life cycle management, and more. It is crucial for architects, designers and verification teams to establish a firm understanding of each of these hardware weakness types and incorporate robust measures throughout the Security Development Lifecycle to prevent and detect similar issues from creeping into their technology products.

      Next, recurring mistakes shown in Hardware CWE keep coming back year after year because the industry does not yet have the means to successfully prevent or detect them at scale. While developer education and adoption of best practices are very important, hardware development teams can also benefit from electronic design automation (EDA) solutions that are purposely built to assist users to develop secure product designs.

      Most tools available today focus on detecting vulnerabilities after introduction. Yet, it is not uncommon to see designers attempting to fix a security issue while inadvertently introducing a new one.

      The next generation of Smart EDA solutions should do the following:

      Guide users to make design tradeoffs that balance security and functional considerations.

      Hardware designs are vulnerable to a broad spectrum of threats and concerns. What are the common set of metrics that best characterize security robustness? With security objectives varying across technology products, how does the EDA solution know which ones are relevant for a given design? How would the metrics be translated into insights to help users embrace security as a top-of-mind priority?

      Educate users on proper design-for-security best practices when security-sensitive design decisions are being made.

      While classroom learning is one way to acquire secure-by-construction knowledge, seizing the on-the-job moments to raise user awareness can help reinforce adoption of important design practices. How would a smart solution offer timely security guidance that is actionable and prescriptive, but not overly intrusive?

      Detect security issues at coding time and offer users reliable options in addressing them.

      Word processors have been offering valuable help to users by highlighting and correcting spelling and grammatical mistakes inline when documents are being edited. Smarter versions offer options to improve the stylistic form of writing, and some even manage to analyze the context of the document and make suggestions to complete what the users are about to write. Likewise, a smart EDA solution can help users to identify and fix security vulnerabilities while code is being developed.

      Recommend an optimized list of dynamic tests for execution.

      Not all security properties can be verified by analyzing the design statically. Hardware simulation or emulation are required to monitor run-time behaviors essential in identifying weaknesses involving race conditions, interactions with firmware, security flows, and more. Today, the burden to identify what tests to run and what parameters to use falls on the shoulders of the development team.

      Learn continuously from the user base to improve accuracy and quality.

      No system is perfect, even for a smart EDA solution. A self-learning system leveraging artificial intelligence and crowd sourcing feedback has the potential to improve its capabilities over time.

      Finally, in parallel to the relentless effort to keep security weaknesses out of the designs with the help of smart EDA solutions, innovation in systemic mitigations can also help to provide proven, security-robust building blocks that hardware designers can use to secure their technologies.

      Software has been the primary attack target over the last decade. But the research community has made great strides in creating hardware-based solutions that secure software workloads running on top. These systemic mitigations help to significantly increase the barrier of attacks and minimize negative impacts of software exploitations, making practical attacks much harder to succeed even for the most determined adversaries. While software developers may continue to make common mistakes that previously could result in buffer overflows, many of these are no longer exploitable when hardware-based protections are active.

      The hardware technology industry needs similar levels of research investments to that of software. Academic and industry research collaborations can help identify novel systemic mitigations that can make entire classes of common hardware weaknesses difficult for adversaries to exploit. Here are some examples of where researchers can help:

      Fault-resilient electronics and circuits.

      Circuits that are resilient against physical attacks offer a level of assurance for the computing logic built on top. Today’s C compilers generate binaries that are resilient against memory corruptions by automatically incorporating mitigations offered by the compiler, operating system and hardware platform. Likewise, hardware designers can benefit from design tools that automatically synthesize resilient circuits without user supervision. We need innovations that enable a device to detect when it is operated outside of the verified ranges, or self-heal to prolong the life span of its underlying electronics amid routine attacks.

      Universal in-field update infrastructure.

      As highlighted earlier, the landscape of remote update capabilities in hardware platforms today is similar to its software counterparts about a decade ago. Effective mechanisms are either missing or fragmented across technology providers. To keep up with the emerging threats and evolving product requirements, infrastructure that offers proactive updates covering all components of a system is essential.

      Rather than having each vendor inventing its own infrastructure and protocol, a universal in-field update mechanism backed by industry standards supporting heterogenous architectures and devices could be a more viable option.

      Privacy-preserving hardware telemetry.

      Telemetry collection has been a common practice in the software world. During software installation, users are often asked to provide permission for the applications to collect data for diagnostic and product improvement purposes.

      Likewise, hardware telemetry can provide crucial insights to designers to help root cause complex issues reported in the field, detect attacks in real-time, and accelerate development of effective mitigations that scale across systems with different configurations. Research learning could point hardware designers to an optimized set of hardware telemetry that is both effective and privacy-preserving.

      While challenging, hardware security is easily one of the most rewarding technology disciplines today. Hardware technologies that are secure and trustworthy are instrumental to improving lives and changing the world. Security could not be a more worthwhile and valuable focus. Through collaborative research, industry organizations and academia can together accelerate our ability to build such a trusted and secure foundation.

      About the Author: 

      Jason M. Fung, Director of Academic Research Engagement & Offensive Security Research, Intel

      eWEEK EDITORS
      eWEEK EDITORS
      eWeek editors publish top thought leaders and leading experts in emerging technology across a wide variety of Enterprise B2B sectors. Our focus is providing actionable information for today’s technology decision makers.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      10 Best Artificial Intelligence (AI) 3D Generators

      Aminu Abdullahi - November 17, 2023 0
      AI 3D Generators are powerful tools for creating 3D models and animations. Discover the 10 best AI 3D Generators for 2023 and explore their features.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×