Generally, I’m a fan of letting market forces figure out the best solutions to whatever evolving needs we may have, but I’m enough of a realist to accept that’s not a workable answer to every need. Some problems need a top-down fix. However, we can’t expect policymakers or industry consortia to create compliance demands in a vacuum. Useful regulations can require that we follow a standard only if such a standard has been defined already, ideally by widely respected authorities. This is very much the case for security in modern electronic systems.
Major hardware security initiative
We have isolated islands of standards such as PCI for payment cards, but we need a broader initiative to cover all the billions of potential devices in the extended Internet of Things. An authoritative source in security for quite a while, certainly for software security, has been the MITRE Corporation, which developed and maintains the Common Weakness Enumeration (CWE). A related effort, developed by the Department of Homeland Security (DHS), is the Common Attack Pattern Enumeration and Classification (CAPEC). These efforts have now merged under a common board for CWE/CAPEC, sponsored by the DHS and managed by MITRE. Jason Oberg, co-founder and CTO of Tortuga Logic, has been appointed to this newly announced board.
MITRE CWEs now cover hardware also
MITRE recently extended their security focus to weaknesses and vulnerabilities in hardware (FPGA, ASIC and SoC), driven by input from Intel, with contributions by Tortuga Logic’s security team. In my view this is a much-needed extension, given growing attention to software exploits on hardware weaknesses. Now we have the potential to think of overarching security concerns rather than legacy divisions between methods of implementation. Product development teams will be able to leverage these efforts to secure their devices and Jason will now help set the industry direction for this.
MITRE started on CWE in 2006. It now supports a wide range of software security tools, including CAST, IBM, MathWorks, RedHat, Synopsys, and others. It is reasonable to expect that similar efforts will appear for the hardware aspect. In fact, Tortuga Logic already has an approach to security verification which is very synergistic with these efforts, looking at vulnerabilities very broadly in terms of threat models defined by the CIA triad. First, confidentiality: privileged information may not leak. Second, integrity: no attack may modify such information. Third, availability: the system remains resilient even under attack.
Most CWEs now supported in Radix ruleset
Tortuga Logic has mapped over 83% of the currently listed hardware CWEs into rules for their Radix family of products. Radix represents these in terms of assets to be protected and other generalized characteristics of a design. For example, assets should not leak through any path to the JTAG boundary. You can update these rules easily to reflect specifics of a given design. This provides an almost turnkey set of rules reflecting the state-of-the-art expectations for organizations using hardware CWEs.
I should remind you that the Radix tools build instrumentation to check compliance with these rules. Those checks can run in your normal verification flow, in simulation or in emulation. When I say normal, I mean normal. No need for special security-aware testbenches. Jason tells me that if your verification coverage is good enough for regular signoff, it will also be good enough for security signoff.
Pretty useful, considering who’s standing behind this emerging definition of security. You can read more about Tortuga and their CWE white paper and CWE security HERE.
Note that Andreas Kuehlmann, previously of the Synopsys Software Integrity Group, is now CEO at Tortuga Logic.