Skip to main content
Article thumbnail
Location of Repository

2011 IEEE Symposium on Security and Privacy DefeatingUCI:BuildingStealthyandMaliciousHardware

By Cynthia Sturton, Matthew Hicks, David Wagner and Samuel T. King

Abstract

Abstract—In previous work Hicks et al. proposed a method called Unused Circuit Identification (UCI) for detecting malicious backdoors hidden in circuits at design time. The UCI algorithm essentially looks for portions of the circuit that go unused during design-time testing and flags them as potentially malicious. In this paper we construct circuits that have malicious behavior, but that would evade detection by the UCI algorithm and still pass design-time test cases. To enable our search forsuchcircuits,wedefineoneclassofmaliciouscircuits and perform a bounded exhaustive enumeration of all circuits in that class. Our approach is simple and straight forward, yet it proves to be effective at finding circuits that can thwart UCI. We use the results of our search to construct a practical attack on an open-source processor. Our malicious backdoor allowsanyuser-levelprogramrunningontheprocessortoenter supervisor mode through the use of a secret “knock. ” We close with a discussion on what we see as a major challenge facing any future design-time malicious hardware detection scheme: identifying a sufficient class of malicious circuits to defend against. Keywords-hardware; security; attack I

Year: 2013
OAI identifier: oai:CiteSeerX.psu:10.1.1.352.8725
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://www.ieee-security.org/T... (external link)
  • Suggested articles


    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.