AN IN-DEPTH VISION TO HARDWARE DESIGN SECURITY VULNERABILITIES

(Received: 29-Oct.-2021, Revised: 20-Dec.-2021 , Accepted: 11-Jan.-2022)

Authors Zainab Younis, Basim Mahmood,

Keywords #Complex networks #CWE vulnerabilities #Data analysis #Hardware vulnerabilities

Abstract Hardware plays a major role in our everyday life. Despite the technological thrive, there remain various security issues regarding hardware weaknesses that needed to be addressed carefully. Hence, an in-depth vision of the vulnerabilities that may exist in hardware design is delivered in this study by generating a network model that contains the most common weaknesses reported in common weakness enumeration (CWE). The main goal of the generated network is to deeply analyze the relations between different hardware designs and security weaknesses. Based on the conducted analysis, recommendations and suggestions are given to benefit many parties including hardware security developers. Accordingly, the analysis approach depends on different concepts that are inspired by the field of network science. The generated model is illustrated in a graph, wherein the nodes are the weaknesses and the edges are created if two weaknesses have a relation to each other. Promising findings have been attained and can be observed in the given model. For instance, the weaknesses CWE-441, CWE-1189, CWE-276 and CWE- 1304 have not been given enough attention by the CWE and should be highly considered by software developers. Moreover, a rank for the hardware vulnerabilities based on network metrics is provided and compared with the most recently announced list of top hardware weaknesses by CWE. It is found that only two weaknesses are in common between the two lists, which indicates that the CWE list does not highly consider the relations among the weaknesses.

References

[1] T. Gaddis, Starting out with Python, ISBN-13: 978-0134444321, Harlow, UK: Pearson, 2018.

[2] A. Sengupta, "Hardware Vulnerabilities and Their Effects on CE Devices: Design for Security against Trojans [Hardware Matters]," IEEE Consumer Electronics Magazine, vol. 6, no. 3, pp. 126-133, 2017.

[3] M. Alenezi, M. Zagane and Y. Javed, "Efficient Deep Features Learning for Vulnerability Detection Using Character N-gram Embedding," Jordanian Journal of Computers and Information Technology, vol. 7, no. 1, pp. 25-38, 2021.

[4] P. A. Wortman, F. Tehranipoor and J. A. Chandy, "Exploring the Coverage of Existing Hardware Vulnerabilities in Community Standards," Proc. of the Silicon Valley Cybersecurity Conference (SVCC2020), pp. 87-97, DOI:10.1007/978-3-030-72725-3_6, 2021.

[5] G. Bloom, E. Leontie, B. Narahari and R. Simha, "Hardware and Security: Vulnerabilities and Solutions," Chapter 12, pp. 305-331, Handbook on Securing Cyber-Physical Critical Infrastructure, Morgan Kaufmann, 2012.

[6] CVE, "Terminology," [Online], Available: https://cve.mitre.org/about/terminology.html, [Accessed: 27- Oct-2021].

[7] B. Martin, "Common Vulnerabilities Enumeration (CVE), Common Weakness Enumeration (CWE) and Common Quality Enumeration (CQE)," ACM SIGAda Ada Letters, vol. 38, no. 2, pp. 9-42, 2019.

[8] CWE, "Common Weakness Enumeration," [Online], Available: https://cwe.mitre.org/index.html, [Accessed: 28-Oct-2021].

[9] S. Bhunia and M. H. Tehranipoor, Hardware Security: A Hands-on Learning Approach, ISBN-13: 978- 0128124772, Cambridge, MA: Morgan Kaufmann Publishers, 2019.

[10] C. Li and J.-L. Gaudiot, "Detecting Malicious Attacks Exploiting Hardware Vulnerabilities Using Performance Counters," Proc. of the 43rd IEEE Annual Computer Software and Applications Conference (COMPSAC), pp. 588-597, DOI: 10.1109/COMPSAC.2019.00090, Milwaukee, WI, USA, 2019.

[11] M. Seaborn and T. Dullien, "Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges," Black Hat Briefings, pp. 1-71, [Online], Available: https://www.blackhat.com/docs/us-15/materials/us-15- Seaborn-Exploiting-The-DRAM-Rowhammer-Bug-To-Gain-Kernel-Privileges.pdf, 2015.

[12] E. Bosman, K. Razavi, H. Bos and C. Giuffrida, "Dedup Est Machina: Memory Deduplication As an Advanced Exploitation Vector," Proc. of the IEEE Symposium on Security and Privacy (SP), pp. 987- 1004, DOI 10.1109/SP.2016.63, San Jose, CA, USA, 2016.

[13] D. Gruss, C. Maurice and S. Mangard, "Rowhammer.js: A Remote Software-induced Fault Attack in JavaScript," Proc. of the 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), arXiv:1507.06955, pp. 300-321, 2016.

[14] Y. Xiao, X. Zhang, Y. Zhang and R. Teodorescu, "One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation," Proc. of the 25th USENIX Security Symposium (USENIX Security 16), pp. 19-35, Austin, TX, USA, 2016.

[15] V. van der Veen, Y. Fratantonio, M. Lindorfer, D. Gruss, C. Maurice, G. Vigna, H. Bos, K. Razavi and C. Giuffrida, "Drammer: Deterministic Rowhammer Attacks on Mobile Platforms," Proc. of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1675-1689, DOI: 10.1145/2976749.2978406, 2016.

[16] K. Razavi, B. Gras, E. Bosman, B. Preneel, C. Giuffrida and H. Bos, "Flip Feng Shui: Hammering a Needle in the Software Stack," Proc. of the 25th USENIX Security Symposium (USENIX Security 16), pp. 1-18, Austin, TX, USA, 2016.

[17] A. Tatar, R. K. Konoth, E. Athanasopoulos, C. Giuffrida, H. Bos and K. Razavi, "Throwhammer: Rowhammer Attacks over the Network and Defenses," Proc. of the USENIX Annual Technical Conference (USENIX ATC 18), pp. 213-226, Boston, MA, USA, 2018.

[18] Y. Jang, J. Lee, S. Lee and T. Kim, "SGX-Bomb: Locking Down the Processor via Rowhammer Attack," Proc. of the 2nd Workshop on System Software for Trusted Execution, pp. 1-6, DOI: 10.1145/3152701.3152709, 2017.

[19] A. Ferraiuolo, R. Xu, D. Zhang, A. C. Myers and G. E. Suh, "Verification of a Practical Hardware Security Architecture through Static Information Flow Analysis," ACM SIGARCH Computer Architecture News, vol. 45, no. 1, pp. 555-568, 2017.

[20] T. Yaqoob, H. Abbas and M. Atiquzzaman, "Security Vulnerabilities, Attacks, Countermeasures and Regulations of Networked Medical Devices?A Review," IEEE Communications Surveys & Tutorials, vol. 21, no. 4, pp. 3723-3768, 2019.

[21] A. Stander and J. Ophoff, "Cyber Security in Civil Aviation," Imam Journal of Applied Sciences, vol. 1, no. 1, pp. 23-26, 2016.

[22] R. Albert and A.-L. Barabási, "Statistical Mechanics of Complex Networks," Reviews of Modern Physics, vol. 74, no. 1, pp. 47-97, 2002. [23] C. Li, Securing Computer Systems through Cyber Attack Detection at the Hardware Level, PhD Thesis, University of California, Irvine, 2020.

[24] Z. K. Younis and B. Mahmood, "Towards the Impact of Security Vulnerabilities in Software Design: A Complex Network-based Approach," Proc. of the 6th Int. Engineering Conf. “Sustainable Technology and Development" (IEC), pp. 157-162, DOI: 10.1109/IEC49899.2020.9122923, Erbil, Iraq, 2020.

[25] B. Mahmood, "Prioritizing CWE/SANS and OWASP Vulnerabilities: A Network-based Model," International Journal of Computing and Digital Systems, vol. 10, no. 1, pp. 361?372, 2021. 44 "An In-Depth Vision To Hardware Design Security Vulnerabilities", Z. Younis and B. Mahmood.

[26] S. Trecakov, C. Tran, H. Badawy, N. Siddique, J. Acosta and S. Misra, "Can Architecture Design Help Eliminate Some Common Vulnerabilities?" Proc. of the 14th IEEE Int. Conf. on Mobile Ad Hoc and Sensor Systems (MASS), pp. 590-593, DOI: 10.1109/MASS.2017.100, Orlando, FL, USA, 2017.

[27] C. Pilato, S. Garg, K. Wu, R. Karri and F. Regazzoni, "Securing Hardware Accelerators: A New Challenge for High-level Synthesis," IEEE Embedded Systems Letters, vol. 10, no. 3, pp. 77-80, 2018.

[28] J. Simonjan, S. Taurer and B. Dieber, "A Generalized Threat Model for Visual Sensor Networks," Sensors, vol. 20, no. 13, p. 3629, 2020.

[29] P. A. Wortman, F. Tehranipoor and J. A. Chandy, "Exploring the Coverage of Existing Hardware Vulnerabilities in Community Standards," Proc. of the Silicon Valley Cybersecurity Conference, Virtual, pp. 87-97, [Online], Available: https://svcc2020.svcsi.org/accepted-papers/Exploring-the-Coverage-of- Existing-Hardware-Vulnerabilities-in-Community-Standards, 2021.

[30] C. Bandi, S. Salehi, R. Hassan, S. M. P D, H. Homayoun and S. Rafatirad, "Ontology-driven Framework for Trend Analysis of Vulnerabilities and Impacts in IoT Hardware," Proc. of the 15th IEEE International Conference on Semantic Computing (ICSC), pp. 211-214, DOI: 10.1109/ICSC50631.2021.00045, Laguna Hills, CA, USA, 2021.

[31] S. Aftabjahani, R. Kastner, M. Tehranipoor, F. Farahmandi, J. Oberg, A. Nordstrom, N. Fern and A. Althoff, "Special Session: CAD for Hardware Security - Automation Is Key to Adoption of Solutions," Proc. of the 39th IEEE VLSI Test Symposium (VTS), pp. 1-10, DOI: 10.1109/VTS50974.2021.9441032, San Diego, CA, USA, 2021.

[32] J. Bellay, D. Forte, R. Martin and C. Taylor, "Hardware Vulnerability Description, Sharing and Reporting: Challenges and Opportunities," Proc. of Annual GOMACTech Conf., pp. 1-7, [Online], Available: http://dforte.ece.ufl.edu/wp-content/uploads/sites/65/2021/05/GOMACTech_conf.pdf, 2021.

[33] A. Clauset, C. R. Shalizi and M. E. J. Newman, "Power-law Distributions in Empirical Data," SIAM Review, vol. 51, no. 4, pp. 661-703, 2009.