Breadcrumb

  1. Home
  2. Research
  3. Programs
  4. SSITH: System Security Integration Through Hardware and Firmware

SSITH: System Security Integration Through Hardware and Firmware

 

Program Summary

Electronic systems have become a critical part of daily life. Due to increased proliferation and reliance on these systems, their security is paramount to the Department of Defense (DoD), commercial industry, and beyond. Current efforts to protect electronic systems, however, rely on developing and deploying patches to the software layer, without addressing underlying vulnerabilities in the hardware.

The System Security Integration Through Hardware and Firmware (SSITH) program seeks to protect electronic systems from common means of exploitation. Instead of relying on patches to ensure the safety of software applications, SSITH aims to address the underlying hardware vulnerabilities at the source. The program is developing hardware security architectures and associated design tools to protect systems against entire classes of vulnerabilities exploited through software, not just specific vulnerability instances. SSITH is focusing specifically on common classes of hardware weaknesses as identified by the MITRE Common Weakness Enumeration Specification (CWE) and NIST, including buffer errors; information leakage; resource management; numeric errors; injection; permissions, privileges, and access control; and hardware/system-on-chip implementation errors. Researchers are exploring a number of different approaches that go well beyond patching. These include using metadata tagging to detect unauthorized system access; utilizing context sensing pipelines to determine the intent of instructions; and employing formal methods to reason about integrated circuit systems and guarantee the accuracy of security characteristics.

Throughout the life of the program, SSITH seeks to continuously evaluate and strengthen the secure hardware architectures in development. To support this evaluation, SSITH is developing software tools to quantitatively measure the security properties of the hardware architectures and to express and reason about security architectures at the abstract (model) level and the concrete (product) level. Further, SSITH is exploring external evaluation efforts that involve crowdsourced red teaming of the technologies in development. This included DARPA’s first ever bug bounty program, Finding Exploits to Thwart Tampering (FETT) Bug Bounty. Additional information on FETT is available here, https://fett.darpa.mil/

To accomplish its goal, SSITH encourages collaboration between academic, commercial, and the defense industrial base to provide robust and flexible solutions applicable to both DoD and commercial electronic systems. SSITH has successfully developed a number of RISC-V FPGA-based technology demonstrations, and the technologies have been incorporated into commercial designs. The ultimate goal of the program is to produce SSITH ASICs with near-term applicability to a range of systems – from embedded systems found in mobile phones and IoT devices to high performance servers in the cloud and military systems.

 

Resources

Contact