The computer systems security arms race between attackers and defenders has largely taken place in the domain of software systems, but as hardware complexity and design processes have evolved, novel and potent hardware-based security threats are now possible. This paper presents a hybrid hardware/software approach to defending against malicious hardware.
The proposed BlueChip defensive strategy has both a design-time component and a runtime component. During the design verification phase, BlueChip invokes a new technique, unused circuit identification (UCI), to identify suspicious circuitry -— those circuits not used or otherwise activated by any of the design verification tests. BlueChip removes the suspicious circuitry and replaces it with exception generation hardware. The software exception handler is responsible for preserving correct system behavior by emulating hardware functionality in software, effectively providing a detour around suspicious hardware while allowing the system to continue making forward progress. In our experiments, BlueChip is able to prevent all hardware attacks we evaluate, while adding 6% runtime overhead in the worst case.
Matthew Hicks is currently a Ph.D. student studying Computer Science at the University of Illinois at Urbana-Champaign, where he earned his Masters degree in 2008 and expects to complete his doctorate by May 2011. He earned his B.S. in Computer Science from the University of Central Florida in May 2006.
His current research centers on crafting and detecting malicious insertions into hardware. Previous research focused on hardware support for real-time systems and embedded systems in general. He is interested in research topics ranging from the hardware layer (circuits, architecture, FPGAs) up to the operating system layer. He is especially interested in redefining the interface between hardware and software.