4 research outputs found
When a Patch is Not Enough - HardFails: Software-Exploitable Hardware Bugs
In this paper, we take a deep dive into microarchitectural security from a
hardware designer's perspective by reviewing the existing approaches to detect
hardware vulnerabilities during the design phase. We show that a protection gap
currently exists in practice that leaves chip designs vulnerable to
software-based attacks. In particular, existing verification approaches fail to
detect specific classes of vulnerabilities, which we call HardFails: these bugs
evade detection by current verification techniques while being exploitable from
software. We demonstrate such vulnerabilities in real-world SoCs using RISC-V
to showcase and analyze concrete instantiations of HardFails. Patching these
hardware bugs may not always be possible and can potentially result in a
product recall. We base our findings on two extensive case studies: the recent
Hack@DAC 2018 hardware security competition, where 54 independent teams of
researchers competed world-wide over a period of 12 weeks to catch inserted
security bugs in SoC RTL designs, and an in-depth systematic evaluation of
state-of-the-art verification approaches. Our findings indicate that even
combinations of techniques will miss high-impact bugs due to the large number
of modules with complex interdependencies and fundamental limitations of
current detection approaches. We also craft a real-world software attack that
exploits one of the RTL bugs from Hack@DAC that evaded detection and discuss
novel approaches to mitigate the growing problem of cross-layer bugs at design
time
When a Patch is Not Enough - HardFails: Software-Exploitable Hardware Bugs
Modern computer systems are becoming faster,
more efficient, and increasingly interconnected with each generation. Consequently, these platforms also grow more complex,
with continuously new features introducing the possibility of new
bugs. Hence, the semiconductor industry employs a combination
of different verification techniques to ensure the security of
System-on-Chip (SoC) designs during the development life cycle.
However, a growing number of increasingly sophisticated attacks
are starting to leverage cross-layer bugs by exploiting subtle interactions between hardware and software, as recently demonstrated
through a series of real-world exploits with significant security
impact that affected all major hardware vendors