Information Technology News.


DARPA says too many security issues come from hardware design errors

Share on Twitter.

Sponsered ad: Get a Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.

Sponsered ad: Order the best SMTP service for your business. Guaranteed or your money back.

April 12, 2017

America's DARPA (Defense Advanced Research Project Agency) asserts that too many security issues arise from hardware design errors or omissions, and it wishes that computer scientists and engineers propose better hardware-level security mechanisms in the systems that they develop.

For example, the term 'baked-in security' is an open question and for good reason-- so many elements and reusable software code security vulnerabilities can hinder most chips.

About the various security concerns, Intel's Security Guard Extensions (SGX) are a very popular target for hackers crafting proofs-of-concept against the system's architecture.

Nevertheless, DARPA wishes something better would be implemented than just “patch and hold your fingers crossed” software security. On April 21, DARPA is hosting a 'proposers day' for its System Security Integrated Through Hardware and Firmware Conference (SSITH).

What it wants to implement are hardware design tools that provide security against hardware vulnerabilities, for both the Department of Defense (D&D) and various commercial systems used in the United States.

They want hardware designers to limit the permitted hardware to countries that are assured to be secure, without sacrificing performance.

Of particular interest in the DARPA program are the seven vulnerability classes known as Common Weakness Enumeration (CWE) applicable to hardware only, but easily exploitable through software.

These are permission/privilege errors, buffer overflow errors, resource management, information leakage, numeric errors, cryptographic errors, and code injection security vulnerabilities.

Together, DARPA says that hardware design flaws of this type represents more than 39.8 percent of currently known and/or targeted attacks.

The program is managed by Linton Salmon of DARPA's Microsystems Technology Office, who in the agency's announcement says that various software patches to hardware flaws simply aren't enough in the current environment.

The SSITH program wants to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks, Salmon asserted.

SSITH is almost a 4-year ambitious program covering development and demonstration of hardware architectures and various techniques to accurately measure the security of new hardware designs, including tradeoffs in such matters like performance, power efficiency and circuit area.

Source: The U.S. Defense Advanced Research Project Agency.


Sponsered ad: Get a Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.

Sponsered ad: Order the best SMTP service for your business. Guaranteed or your money back.

Share on Twitter.

IT News Archives | Site Search | Advertise on IT Direction | Contact | Home

All logos, trade marks or service marks on this site are the property of their respective owners.

Sponsored by Sure Mail™, Avantex and
by Montreal Server Colocation.

       © IT Direction. All rights reserved.