Hardware Security is at Stake
The security of computer-based systems is an essential concern in today's digitalized information society. In addition to the software, security at the hardware level plays a fundamental role. Based on findings from software development, in which architectural risk analysis is successfully used by small and large companies to analyze the security of their systems, we extend to hardware architectural security analysis. Embedding this crucial step in hardware design at early stages is of utmost importance.
Combining the Architectural and the Register Transfer Level View for Security Analysys
The aim is to extract the architecture, visualize it, and, most importantly, enable testing of architectural security for hardware design. To achieve this goal, we want to combine two existing tools. The first tool is the analysis tool DuRTL, which was developed at the TUHH to support hardware-design understanding. DuRTL supports understanding existing hardware designs and can help understand large and complex chip designs that may contain foreign components. DuRTL and its source code will be published as part of the project as an open-source tool. The second tool is the already open-source tool ArchSec, which has been used for automation for software security analysis. Architectural security analysis for software systems, incorporating automation approaches, has been intensively researched for around ten years. ArchSec offers an extensible formalism that allows adaptation to new domains but supports, at the same time, the reuse of known security knowledge.
The integration of the two tools enables the methodical approach from software security for hardware design in the early phases. At the same time, the automated analysis known for hardware designs is seamlessly integrated for use in later design phases.
The Project
Our ExViPaS project is funded for 3 years by the German Ministry for Education and Research and is part of a larger initiative towards Open Source Hardware Design tools. Within the project, we expect the direct exchange with our partners from companies and other research groups.