I am a big fan of conspiracy theories and the business of being paranoid. This must be the reason that I'm in the proactive security business for more than a decade now. I truly believe in Andrew Grove's Only the Paranoid Survive. So with great joy I read this month's IEEE Spectrums' article about the US department of Defense Cyber Trust's Trust in Integrated Circuits Program.
The DoD would like to ensure that commercial, off-the-shelf chips and other 21st century building blocks used for military purposes do not carry malicious components or code that can be used as a backdoor. A kill switch or backdoor built into an encryption chip could be compromised or programmed remotely to be turned off. Other chips might be instructed to change mission route, etc. In short, the DARPA program is about finding a way to vet chips, and determine which ones can be trusted.
The DoD had selected 3 companies (Raytheon, Luna Innovations, and Xradia ) to provide a solution. Each provided a different alternative. Here is the short version from the article:
As I read about, it hit me that the 3 companies are implementing SecureSphere-like technologies for chips!
Narrowing down the number of possible unspecified functions: that's exactly what dynamic profiling enforcement provides! It checks for allowed operations only and prevent all other unknown and unauthorized operations.
Soft X-rays inspection that are powerful enough to penetrate but not strong enough to do damage using the same concept of transparent inspection. Imperva's Transparent Inspection technology delivers multi-gigabit performance, sub-millisecond latency, and options for high availability that meet the requirements of even the most demanding application and database environments.
Boolean equivalence checking is similar to Correlated Attack Validation. Distinguishing between attacks and valid user traffic. By basing decisions on multiple observations rather than a single event, CAV delivers a highly accurate and completely automated defense system--achieving overall accuracy that cannot be matched by several standalone data security products, not to mention that SecureSphere examines and can match requests and responses.
Yea, Only the Paranoid Survive.
The DoD would like to ensure that commercial, off-the-shelf chips and other 21st century building blocks used for military purposes do not carry malicious components or code that can be used as a backdoor. A kill switch or backdoor built into an encryption chip could be compromised or programmed remotely to be turned off. Other chips might be instructed to change mission route, etc. In short, the DARPA program is about finding a way to vet chips, and determine which ones can be trusted.
The DoD had selected 3 companies (Raytheon, Luna Innovations, and Xradia ) to provide a solution. Each provided a different alternative. Here is the short version from the article:
- Xradia, in Concord, Calif., builds nondestructive X-ray microscopes used widely in the semiconductor industry, so it may be looking at a new method of inspecting chips based on soft X-ray tomography. Soft X-rays are powerful enough to penetrate the chip but not strong enough to do irreversible damage.
- Luna Innovations, in Roanoke, Va., specializes in creating anti-tamper features for FPGAs. Their approach may involve narrowing down the number of possible unspecified functions. Chip security [is compared to] to a barricaded home. The front door and windows might offer vault-like protection, but there might be an unknown window in the basement. The Luna researchers are looking for the on-chip equivalent of the basement window.
- Raytheon, of Waltham, Mass., has expertise in hardware and logic testing. The company would use Boolean equivalence checking to analyze what types of inputs will generate certain outputs.
As I read about, it hit me that the 3 companies are implementing SecureSphere-like technologies for chips!
Narrowing down the number of possible unspecified functions: that's exactly what dynamic profiling enforcement provides! It checks for allowed operations only and prevent all other unknown and unauthorized operations.
Soft X-rays inspection that are powerful enough to penetrate but not strong enough to do damage using the same concept of transparent inspection. Imperva's Transparent Inspection technology delivers multi-gigabit performance, sub-millisecond latency, and options for high availability that meet the requirements of even the most demanding application and database environments.
Boolean equivalence checking is similar to Correlated Attack Validation. Distinguishing between attacks and valid user traffic. By basing decisions on multiple observations rather than a single event, CAV delivers a highly accurate and completely automated defense system--achieving overall accuracy that cannot be matched by several standalone data security products, not to mention that SecureSphere examines and can match requests and responses.
Yea, Only the Paranoid Survive.
