U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Presentation

A New Doctrine for Hardware Security

March 2, 2022

Presenters

Simha Sethumadhavan - Columbia University
Adam Hastings - Columbia University

Description

Recent woes in hardware security are not only because of a lack of convincing technical solutions but also because market forces and incentives prevent those with the ability to fix problems from doing so. At the root of the problem is the fact that hardware security comes at a cost; Present issues in hardware security can be seen as the result of the players in the game of hardware security finding ways of avoiding paying this cost. We formulate this idea into a doctrine of security, namely the Doctrine of Shared Burdens and analyze three case studies---Rowhammer, Spectre, and Meltdown---through the lens of this doctrine.

Following this we discuss a novel approach to incentivize vendors to include security in their products. Our approach, called open mandates, mandates that all vendors must dedicate some amount of resources (e.g. system speed, energy, design cost, etc.) towards security. Unlike the current state-of-the-art, "checklist security", open mandates do not prescribe specific controls that must be implemented. The goal of open mandates is to provide flexibility to vendors in implementing security controls that they see fit while requiring all vendors to commit to a certain level of security.

We quantitatively demonstrate that such open mandates can lead to measurable improvements, and then describe how open Mandates can be enforced with a case study on hardware support for software security. We will describe our prototype system (The proto-COMMAND system) and demonstrate its deployability.

Created April 27, 2022