Winning the 'Race to the Bottom' by Changing the Rules: Inhibiting Malicious Hardware Activation through Attack Incompatibility

Award Information
Agency:
Department of Defense
Branch
Office of the Secretary of Defense
Amount:
$99,593.00
Award Year:
2010
Program:
SBIR
Phase:
Phase I
Contract:
FA8650-11-M-1058
Award Id:
96911
Agency Tracking Number:
O102-IA1-1019
Solicitation Year:
n/a
Solicitation Topic Code:
OSD 10-IA1
Solicitation Number:
n/a
Small Business Information
421 SW Sixth, Suite 300, Portland, OR, 97204
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
098009918
Principal Investigator:
David Burke
Principal Investigator
(503) 808-7175
davidb@galois.com
Business Contact:
Anne McClaran
Contracts Administrator
(503) 808-7203
anne@galois.com
Research Institute:
n/a
Abstract
Many hardware trojans depend on (a) the ability of an attacker to have an accurate model of the target system and of key software used on that system and (b) identification of one or more deterministic trigger conditions with low observability (i.e., conditions that evade detection by traditional scan- or ATPG-based testing methodologies but that can be exercised on demand via external stimuli). We call this class of trojans deterministic, externally-triggered (DET) trojans. This work introduces a class of software-based general purpose countermeasures to the DET class of trojans. We propose a set of tools by which the software engineer can transform the source code of system & application software to automatically obfuscate communication channels. The tools take as input two things: (a) the source code of communicating software components, and (b) a specification of obfuscating transformations on the communication; from these is generated the transformed source code. The resulting system does not adhere to the behavioral model assumed when building the trojan. Thus an adversary's assault is rendered less effective via "attack incompatibility": trigger conditions have been altered such that the malicious behavior cannot be reliably instigated.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government