|Edward Paul Ratazzi
Military operations in, and dependent on, cyberspace rely on many diverse components, systems, and infrastructure that each have various trust and assurance pedigrees. While some components may be fully designed, built, owned, maintained, and operated by trusted entities, others are purchased, leased, maintained, designed using 3rd-party intellectual property, etc., and thus cannot be fully trusted due to multiple concerns across the component's lifecycle and supply chain. Of particular concern, largely due to its permanence relative to software's changeability, is the security and trustworthiness of the underlying hardware.
The goal of this research opportunity is to develop systematic insights into the problem of hardware supply chain attacks, and propose solutions to designing, building and maintaining trust in, on, and in spite of our infrastructure's heterogeneous hardware foundation. Proposals that focus on developing specific solutions for increasing trust (e.g., physical unclonable function, logic obfuscation) should clearly show how they complement other trust technology in the hardware-software security co-design for mission assurance. Researchers should define a realistic threat model for context, and provide clear evidence supporting the manner and degree to which the threat is addressed.
- Y. Xie, C. Bao, C. Serafy, T. Lu, A. Srivastava and M. Tehranipoor, "Security and Vulnerability Implications of 3D ICs," in IEEE Transactions on Multi-Scale Computing Systems, vol. 2, no. 2, pp. 108-122, 1 April-June 2016.
- Kaveh Shamsi, Meng Li, Kenneth Plaks, Saverio Fazzari, David Z. Pan, and Yier Jin. 2019. IP Protection and Supply Chain Security through Logic Obfuscation: A Systematic Overview. ACM Trans. Des. Autom. Electron. Syst. 24, 6, Article 65 (November 2019).
- S. Ray, E. Peeters, M. M. Tehranipoor and S. Bhunia, "System-on-Chip Platform Security Assurance: Architecture and Validation," in Proceedings of the IEEE, vol. 106, no. 1, pp. 21-37, Jan. 2018.
computer security; embedded systems; supply chain security; design-for-trust; trusted computing base; root of trust