A well-known challenge in Systems Security Engineering is the “silo” effect of compartmentalized security knowledge, especially in complex systems. Security experts have specialized knowledge in their security domain but often are not aware of the limits of their security implementation when paired with other security domains in complex systems. This “silo” effect is particularly a challenge in the overlapping areas of microelectronics and software security.
In the more than 20-year history of Invariant, along with my career, we have had a longstanding background in software development and hardware/software integration on deployed systems. We’ve also been involved in the earliest designs of microelectronics security, providing vulnerability analysis and technology development for microelectronics security solutions.
This cross-domain experience has given us unique insight into the solutions and limitations of both hardware and software. Both microelectronics hardware security and software security each have unique characteristics, roles, and threats.
Microelectronics Hardware Security
The design of microelectronics makes it primarily a confidentiality challenge when an attacker has physical access. An attacker with physical access has complete control to monitor or modify the system with a variety of invasive and non-invasive tools.
Microelectronics security designs serve several purposes. The most important role is that of a secure key store for decryption and authentication keys. These key stores release keys for encryption/decryption of data, authentication of users, authentication of software, and hashes for measurements.
The microelectronics industries’ history of cryptographic key stores and the threat of physical access drives them to be primarily immutable (at least by the user). The designer may have a toolset to do a provisioning of the device in a controlled setting, but from the user’s view, it is immutable. The cryptographic nature and immutability drive the designers not to think in terms of risk management, but rather a binary: “Is it secure or not?”.
The key defense for microelectronics is well-implemented cryptography, with protections from physical tampering.
Software Security
The design of the software makes security primarily a runtime integrity challenge. An attacker with either physical access or through-an-interface access can implement their own software executing on the processor. Once the attacker gains initial access, they can chain together a series of vulnerabilities to capture and exfiltrate data. Complex systems can often have millions of lines of code developed by multiple parties, providing attackers ample paths to take advantage of vulnerabilities.
Complex software systems are constantly changing. Users log in, data changes and software gets swapped in and out of memory. This mutable nature is fundamentally different from microelectronics hardware security, which is based on being immutable. This drives software security to primarily be a risk management effort as opposed to a strict cryptographic effort.
The key defense for software security is a layered defense which first attempts to prevent access by threats but also strives to prevent the attacker from chaining together vulnerabilities to exfiltrate data.
Integration Challenge
The primary challenge in integrating a microelectronics solution with a complex software system is bridging the gap between an immutable and cryptographic-based microelectronics design to a complex and mutable software environment. In traditional commercial solutions, the transition between the mutable microelectronics solution and the software environment has been performed by the microelectronics authenticating a software-based Initial Boot Block (IBB).
Once that IBB has been authenticated, it is the responsibility of the software stack to continue the authentication chain throughout the remainder of the boot process. In this model, vulnerabilities in the software stack can often be taken advantage of by the attacker, and the microelectronics solution is unable to provide independent authentication.
The other traditional solution is that the microelectronics design provides an independent measurement of volatile memory and compares it to a provisioned measurement. The microelectronics solution can then implement responses to any changes in memory from a known good, provisioned state.
Both approaches provide value in an overall systems security architecture, but each has limitations since only sections of the software architecture can be treated as immutable. Each approach is focused on the early boot process and does not provide value in a dynamic run-time environment. It’s important to consider each limitation and challenge of microelectronics and software security to create the strongest technical solution.
Summary
Understanding the integration of microelectronics hardware security and software security is essential for fostering a systems approach to safeguarding electronic systems. Microelectronics hardware security involves strengthening the physical components, such as integrated circuits and processors, against potential threats like tampering. Simultaneously, software security focuses on protecting the system through robust coding practices, encryption, and access controls.
Combining these two facets is critical as it provides a multi-layered defense strategy, addressing vulnerabilities both at the hardware and software levels. This comprehensive approach not only enhances resilience against cyber threats but also ensures that potential exploits are mitigated from both a physical and digital standpoint, reinforcing the overall reliability and security of electronic devices and systems.
If you’re interested in learning more about our hardware and software security capabilities, visit https://www.invariant-corp.com/hwa-and-security or reach out to the author at akrell@invariant-corp.com.