Security at the hardware level is the goal of DARPA's SSITH program
ARLINGTON, Va. Defense Advanced Research Projects Agency (DARPA) officials launched a new program that aims to protect against cyberintruders at the hardware and circuit level, rather than relying only on software-based security patches. The System Security Integrated Through Hardware and Firmware (SSITH) program aims to design security directly at the hardware architecture level.
“Security for electronic systems has been left up to software until now, but the overall confidence in this approach is summed up in the sardonic description of this standard practice as ‘patch and pray,’” says SSITH program manager Linton Salmon of the Agency’s Microsystems Technology Office. “This race against ever more clever cyberintruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software. The SSITH program will complement DARPA software security efforts like High-Assurance Cyber Military Systems (HACMS) and the Cyber Grand Challenge (CGC) by taking advantage of new technologies to develop integrated circuits that are inherently impervious to software end-runs.”
SSITH specifically seeks to address the seven classes of hardware vulnerabilities listed in the Common Weakness Enumeration (cwe.mitre.org), a crowd-sourced compendium of security issues that is familiar to the information technology security community. In cyberjargon, these classes are: permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection. Researchers have documented some 2800 software breaches that have taken advantage of one or more of these hardware vulnerabilities, all seven of which are variously present in the integrated microcircuitry of electronic systems around the world.
Salmon adds that removing those hardware weaknesses would effectively close down more than 40 percent of the software doors intruders now have available to them.
The strategic challenge for participants in the SSITH program will be to develop new integrated circuit (IC) architectures that lack the current software-accessible points of illicit entry, yet retain the computational functions and high performance the ICs were designed to deliver.
Another goal of the program is to develop design tools that would become widely available so that hardware-anchored security would eventually become a standard feature of ICs in both Defense Department and commercial electronic systems. The anticipated 39-month program centers on two technical areas. One of them focuses on the development and demonstration of hardware architectures that protect against one or more of the seven vulnerability classes as well as design tools the electronics community would need for including hardware-based security innovations in their design and manufacturing practices. The second technical area encompasses methodologies and metrics for measuring (and representing for system designers) the security status of the newly designed electronic systems and any tradeoffs the hardware-won security might levy in the form of system performance, power needs and efficiency, circuit area, and other standard circuit features.
DARPA will host a Proposers Day in support of the SSITH program on Friday, April 21, 2017, at the Booz Allen Hamilton Conference Center. The purpose of this meeting is to provide information on the SSITH program, address questions from potential proposers, and provide an opportunity for potential proposers to identify possible teaming arrangements.
Participants must register for the SSITH Proposers Day through the registration website by April 18. More information about the Proposers Day is available in a Special Notice (DARPA-SN-17-31) posted on FBO.gov.