Defeating UCI: Building stealthy and malicious hardware

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2011, Pages 64-77

  Sturton, Cynthia ^a   Hicks, Matthew ^b   Wagner, David ^a   King, Samuel T ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

Author keywords

Attack; Hardware; Security

Indexed keywords

HARDWARE SECURITY;

ATTACK; BACKDOORS; CIRCUIT IDENTIFICATION; DESIGN TIME; HARDWARE; IDENTIFICATION ALGORITHMS; MALICIOUS BEHAVIOR; MALICIOUS CIRCUITS; PASS DESIGNS; SECURITY;

PROGRAM PROCESSORS;

EID: 80051957441     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2011.32     Document Type: Conference Paper

References (28)

1. S. T. King, J. Tucek, A. Cozzie, C. Grier, W. Jiang, and Y. Zhou, "Designing and implementing malicious hardware," in Proceedings of the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2008, pp. 1-8.
2. M. Hicks, M. Finnicum, S. T. King, M. M. K. Martin, and J. M. Smith, "Overcoming an untrusted computing base: Detecting and removing malicious hardware automatically," in Proceedings of the 2010 IEEE Symposium on Security and Privacy, 2010, pp. 159-172.
3. J. Markoff, "Old trick threatens the newest weapons," The New York Times, p. D1, October 27 2009.
4. S. Adee, "The hunt for the kill switch," IEEE Spectrum, vol. 45, no. 5, pp. 34-39, 2008.
5. B. Gassend, D. Clarke, M. van Dijk, and S. Devadas, "Silicon physical random functions," in Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002, pp. 148-160.
6. B. Moyer, "A PUF piece: Revealing secrets buried deep within your silicon," EE Journal, January 24 2011, http://www.techfocusmedia.net/ archives/articles/20110124-puf/.
7. D. Du, S. Narasimhan, R. S. Chakraborty, and S. Bhunia, "Self-referencing: a scalable side-channel approach for hardware trojan detection," in 12th International Conference on Cryptographic Hardware and Embedded Systems (CHES). Springer-Verlag, 2010.
8. Y. Jin and Y. Makris, "Hardware trojan detection using path delay fingerprint," in IEEE International Workshop on Hardware-Oriented Security and Trust, 2008.
9. R. Rad, M. Tehranipoor, and J. Plusquellic, "Sensitivity analysis to hardware trojans using power supply transient signals," in IEEE International Workshop on Hardware-Oriented Security and Trust, 2008.
10. T. Kean, D. McLaren, and C. Marsh, "Verifying the authenticity of chip designs with the designtag system," in IEEE International Workshop on Hardware-Oriented Security and Trust, 2008.
11. A. Das, G. Memik, J. Zambreno, and A. Choudhary, "Detecting/ preventing information leakage on the memory bus due to malicious hardware," in Design, Automation & Test in Europe, 2010.
12. M. Potkonjak, "Synthesis of trustable ICs using untrusted CAD tools," in Design Automation Conference (DAC). ACM/IEEE, 2010.
13. U. Rührmair, F. Sehnke, J. Sölter, G. Dror, S. Devadas, and J. Schmidhuber, "Modeling attacks on physical unclonable functions," in Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010.
14. I. Hadžić, S. Udani, and J. M. Smith, "FPGA Viruses," in Proceedings of the 9th International Workshop on Field-Programmable Logic and Applications. Springer, 1999.
15. D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar, "Trojan detection using IC fingerprinting," in Proceedings of the 2007 IEEE Symposium on Security and Privacy, 2007, pp. 296-310. (Pubitemid 47432536)
16. Y. Jin, N. Kupp, and Y. Makris, "Experiences in hardware trojan design and implementation," IEEE International Workshop on Hardware-Oriented Security and Trust, 2009.
17. T. Huffmire, B. Brotherton, G. Wang, T. Sherwood, R. Kastner, T. Levin, T. Nguyen, and C. Irvine, "Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems," in Proceedings of the 2007 IEEE Symposium on Security and Privacy, 2007.
18. A. Waksman and S. Sethumadhavan, "Tamper evident microprocessors," in Proceedings of the 2010 IEEE Symposium on Security and Privacy, 2010.
19. C. Seger, "An introduction to formal hardware verification," University of British Columbia, Vancouver, BC, Canada, Canada, Tech. Rep., 1992.
20. C. Kern and M. R. Greenstreet, "Formal verification in hardware design: a survey," ACM Trans. Des. Autom. Electron. Syst., vol. 4, no. 2, pp. 123-193, 1999.
21. R. Pelanek, "Fighting state space explosion: Review and evaluation," Formal Methods for Industrial Critical Systems, vol. 5596, pp. 37-52, 2009.
22. V. A. Patankar, A. Jain, and R. E. Bryant, "Formal verification of an ARM processor," in Twelfth International Conference On VLSI Design, 1999.
23. M. Srivas and M. Bickford, "Formal verification of a pipelined microprocessor," Software, IEEE, vol. 7, no. 5, pp. 52-64, 1990.
24. J. R. Burch and D. L. Dill, "Automatic verification of pipelined microprocessor control," in CAV '94: Proceedings of the 6th International Conference on Computer Aided Verification. London, UK: Springer-Verlag, 1994, pp. 68-80.
25. J. U. Skakkebaek, R. B. Jones, and D. L. Dill, "Formal verification of out-of-order execution using incremental flushing," in CAV '98: Proceedings of the 10th International Conference on Computer Aided Verification. London, UK: SpringerVerlag, 1998, pp. 98-109. (Pubitemid 128092331)
26. M. N. Velev and R. E. Bryant, "Formal verification of superscale microprocessors with multicycle functional units, exception, and branch prediction," in DAC '00: Proceedings of the 37th Annual Design Automation Conference. ACM, 2000, pp. 112-117.
27. R. Hosabettu, G. Gopalakrishnan, and M. Srivas, "Formal verification of a complex pipelined processor," Formal Methods System Design, vol. 23, no. 2, pp. 171-213, 2003.
28. J. Bormann, S. Beyer, A. Maggiore, M. Siegel, S. Skalberg, T. Blackmore, and F. Bruno, "Complete formal verification of TriCore2 and other processors," in DVCon, February 2007.