Electronic systems have become a critical part of daily life. Due to increased proliferation and reliance on these systems, their security is paramount to the Department of Defense (DoD), commercial industry, and beyond. Current efforts to protect electronic systems, however, rely on developing and deploying patches to the software layer, without addressing underlying vulnerabilities in the hardware.
The System Security Integration Through Hardware and Firmware (SSITH) program seeks to protect electronic systems from common means of exploitation. Instead of relying on patches to ensure the safety of software applications, SSITH aims to address the underlying hardware vulnerabilities at the source. The program is developing hardware security architectures and associated design tools to protect systems against entire classes of vulnerabilities exploited through software, not just specific vulnerability instances. SSITH is focusing specifically on common classes of hardware weaknesses as identified by the MITRE Common Weakness Enumeration Specification (CWE) and NIST, including buffer errors, information leakage, resource management, numeric errors, code injection, crypto errors, and permissions, privileges, and access. Researchers are exploring a number of different approaches that go well beyond patching. These include using metadata tagging to detect unauthorized system access; utilizing context sensing pipelines to determine the intent of instructions; employing formal methods to reason about integrated circuit systems and guarantee the accuracy of security characteristics; deploying enclaves to enforce separation between processes or threads; encryption; periodic scrambling of memory layout and pointers; and combining hardware performance counters (HPCs) with machine learning to detect attacks and establish protective fences within the hardware.
Throughout the life of the program, SSITH seeks to continuously evaluate and strengthen the secure hardware architectures in development. To support this evaluation, SSITH is developing software tools to quantitatively measure the security properties of the hardware architectures and to express and reason about security architectures at the abstract (model) level and the concrete (product) level. Further, SSITH is exploring external evaluation efforts that involve crowdsourced red teaming of the technologies in development. This includes DARPA’s first ever bug bounty program, Finding Exploits to Thwart Tampering (FETT) Bug Bounty. Additional information on FETT is available here, https://fett.darpa.mil/
To accomplish its goal, SSITH encourages collaboration between academic, commercial, and the defense industrial base to provide robust and flexible solutions applicable to both DoD and commercial electronic systems. SSITH has successfully developed a number of RISC-V FPGA-based technology demonstrations, and the technologies have been incorporated into commercial designs. The ultimate goal of the program is to produce SSITH ASICs with near-term applicability to a range of systems – from embedded systems found in mobile phones and IoT devices to high performance servers in the cloud and military systems.
You are now leaving the DARPA.mil website that is under the control and
management of DARPA. The appearance of hyperlinks does not constitute
endorsement by DARPA of non-U.S. Government sites or the information,
products, or services contained therein. Although DARPA may or may not
use these sites as additional distribution channels for Department of
Defense information, it does not exercise editorial control over all of
the information that you may find at these locations. Such links are
provided consistent with the stated purpose of this website.
After reading this message, click to continue