TU Darmstadt / ULB / TUbiblio

Trusting the trust anchor: towards detecting cross-layer vulnerabilities with hardware fuzzing

Chen, Chen ; Kande, Rahul ; Mahmoody, Pouya ; Sadeghi, Ahmad-Reza ; Rajendran, JV (2022)
Trusting the trust anchor: towards detecting cross-layer vulnerabilities with hardware fuzzing.
59th ACM/IEEE Design Automation Conference. San Francisco, USA (10.07.2022-14.07.2022)
doi: 10.1145/3489517.3530638
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

The rise in the development of complex and application-specific commercial and open-source hardware and the shrinking verification time are causing numerous hardware-security vulnerabilities. Traditional verification techniques are limited in both scalability and completeness. Research in this direction is hindered due to the lack of robust testing benchmarks. In this paper, in collaboration with our industry partners, we built an ecosystem mimicking the hardware-development cycle where we inject bugs inspired by real-world vulnerabilities into RISC-V SoC design and organized an open-to-all bug-hunting competition. We equipped the participating researchers with industry-standard static and dynamic verification tools in a ready-to-use environment. The findings from our competition shed light on the strengths and weaknesses of the existing verification tools and highlight the potential for future research in developing new vulnerability detection techniques.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2022
Autor(en): Chen, Chen ; Kande, Rahul ; Mahmoody, Pouya ; Sadeghi, Ahmad-Reza ; Rajendran, JV
Art des Eintrags: Bibliographie
Titel: Trusting the trust anchor: towards detecting cross-layer vulnerabilities with hardware fuzzing
Sprache: Englisch
Publikationsjahr: 23 August 2022
Verlag: ACM
Buchtitel: DAC'22: Proceedings of the 59th ACM/IEEE Design Automation Conference
Veranstaltungstitel: 59th ACM/IEEE Design Automation Conference
Veranstaltungsort: San Francisco, USA
Veranstaltungsdatum: 10.07.2022-14.07.2022
DOI: 10.1145/3489517.3530638
Kurzbeschreibung (Abstract):

The rise in the development of complex and application-specific commercial and open-source hardware and the shrinking verification time are causing numerous hardware-security vulnerabilities. Traditional verification techniques are limited in both scalability and completeness. Research in this direction is hindered due to the lack of robust testing benchmarks. In this paper, in collaboration with our industry partners, we built an ecosystem mimicking the hardware-development cycle where we inject bugs inspired by real-world vulnerabilities into RISC-V SoC design and organized an open-to-all bug-hunting competition. We equipped the participating researchers with industry-standard static and dynamic verification tools in a ready-to-use environment. The findings from our competition shed light on the strengths and weaknesses of the existing verification tools and highlight the potential for future research in developing new vulnerability detection techniques.

Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Theoretische Informatik
20 Fachbereich Informatik > Systemsicherheit
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
Hinterlegungsdatum: 18 Apr 2023 07:13
Letzte Änderung: 18 Apr 2023 07:13
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen