Toward threat estimation of system memory Hardware Trojans John - - PowerPoint PPT Presentation

toward threat estimation of system memory hardware trojans
SMART_READER_LITE
LIVE PREVIEW

Toward threat estimation of system memory Hardware Trojans John - - PowerPoint PPT Presentation

Jul 10, 2023 318 likes •420 views

UNCLASSIFIED Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North Redefining R&D Needs for Australian Cyber Security UNSW ACCS at ADFA, November 16 th 2015 1 UNCLASSIFIED The Australian

slide-1
SLIDE 1

1

UNCLASSIFIED

Toward threat estimation of system memory Hardware Trojans

John Shield, Brad Hopkins, Chris North Redefining R&D Needs for Australian Cyber Security UNSW ACCS at ADFA, November 16th 2015

slide-2
SLIDE 2

2

The Australian Perspective

  • Australia sources all integrated circuits from overseas
  • Lack of resources for:

– designing – fabricating – testing chips

  • Majority of supply is from non-allied nations

UNCLASSIFIED

Vendor Foundry Location 2014 Revenue 2014 Market Share (%) TSMC Taiwan 25,175 53.7 UMC Taiwan 4,621 9.9 Globalfoundries U.S. 4,400 9.4 Samsung1 South Korea 2,412 5.1 SMIC China 1,970 4.2

Gartner report "Market Share: Semiconductor Foundry, Worldwide, 2014."

slide-3
SLIDE 3

3

Hardware Trojans

  • Modifications to Circuit Boards or Integrated Circuits
  • We Focus on Integrated Circuits

– Harder to verify post-production

  • Modifications Possible

– Functional – Parametric

  • Outcomes

– Leak or Modify Information – Reduce Effectiveness

  • Denial of service, degradation of service, integrity attacks, etc.
slide-4
SLIDE 4

4

Memory Protection

  • Memory Protection is Key to Software Security

– Privilege Levels and Data Isolation

MMU Hardware Trojan

Memory Mapping

Software

DRAM Mapping Valid Memory Access Redirected access to blocked region Normal Access DRAM MEMORY CPU HARDWARE Blocked Memory Access

slide-5
SLIDE 5

5

Memory Trojan – Exemplar Hardware

  • Interposer Card
  • Redirects memory accesses
slide-6
SLIDE 6

6

Case Study: Cloud Computing

  • Breaking: Memory Isolation between Virtual

Machines

  • Description: Data modification of corporate email in

a corporate VM using an public VM

slide-7
SLIDE 7

7

Case Study: Guest Accounts

  • Breaking: Privileged (kernel) Mode and User Mode
  • Description: Overwriting a root executable by a guest

user to gain root access

slide-8
SLIDE 8

8

System Memory Trojan Threat

  • Threat Level

– High Threat: Software security hinges on memory protection

  • Securing Procurement

– Not viable

  • Defence Mechanisms

– None Commercially Available

slide-9
SLIDE 9

9

Threat Mitigation Strategy

  • DST Group – Trustworthy Systems Research

– Research: Trustworthy circuit design using untrusted components – Provides Australian defence context and applications – Collaboration: Integrate external S&T and Industry

  • Academia

– Research: Trustworthy software (eg seL4) – Research: Security primitives for hardware & processors

  • Industry - Partner early for

– Technology insertion – Transition into capability