Two interesting papers today, one discussing protections on arm64 (sorry, cannot bring myself to use AArch64 seriously, that's like x86_64, who comes up with these?¹)

* "InversOS: Efficient Control-Flow Protection for AArch64 Applications with Privilege Inversion"

* Evil from Within: Machine Learning Backdoors through Hardware Trojans

Both are very much within my interests: hardware trojans and trying to apply "interesting" protections to operating systems².

#arXiv #ResearchPapers #ControlFlowProtections #Arm #MachineLearning #MachineLearningBackdoors #HardwareTrojans #FPGA
__
¹ Disclaimer: I have spent "some time" trying to figure out why an Intel machine wouldn't boot OpenBSD bsd.rd because I, er, downloaded arm64 instead of amd64 so I have a distinct appreciation for the possible confusion ​.
² Disclaimer: yes, I know I always say "There will always be a Belgium" but it is interesting to see creative protection ideas.

S. Parvin et al., "Trojan-D2: Post-Layout Design and Detection of Stealthy Hardware Trojans - A RISC-V Case Study"

With the exponential increase in the popularity of the RISC-V ecosystem, the security of this platform must be re-evaluated especially for mission-critical and IoT devices. Besides, the insertion of a Hardware Trojan (HT) into a chip after the in-house mask design is outsourced to a chip manufacturer abroad for fabrication is a significant source of concern. Though abundant HT detection methods have been investigated based on side-channel analysis, physical measurements, and functional testing to overcome this problem, there exists stealthy HTs that can hide from detection. This is due to the small overhead of such HTs compared to the whole circuit.
In this work, we propose several novel HTs that can be placed into a RISC-V core's post-layout in an untrusted manufacturing environment. Next, we propose a non-invasive analytical method based on contactless optical probing to detect any stealthy HTs. Finally, we propose an open-source library of HTs that can be used to be placed into a processor unit in the post-layout phase. All the designs in this work are done using a commercial 28nm technology.

#ResearchPapers #RISCV #HardwareTrojans
__
¹ https://dl.acm.org/doi/10.1145/3566097.3567919

P. Roy et al., "A survey of Digital Manufacturing Hardware and Software Trojans"¹

Digital Manufacturing (DM) refers to the on-going adoption of smarter, more agile manufacturing processes and cyber-physical systems. This includes modern techniques and technologies such as Additive Manufacturing (AM)/3D printing, as well as the Industrial Internet of Things (IIoT) and the broader trend toward Industry 4.0. However, this adoption is not without risks: with a growing complexity and connectivity, so too grows the cyber-physical attack surface. Here, malicious actors might seek to steal sensitive information or sabotage products or production lines, causing financial and reputational loss. Of particular concern are where such malicious attacks may enter the complex supply chains of DM systems as Trojans -- malicious modifications that may trigger their payloads at later times or stages of the product lifecycle.
In this work, we thus present a comprehensive overview of the threats posed by Trojans in Digital Manufacturing. We cover both hardware and software Trojans which may exist in products or their production and supply lines. From this, we produce a novel taxonomy for classifying and analyzing these threats, and elaborate on how different side channels (e.g. visual, thermal, acoustic, power, and magnetic) may be used to either enhance the impact of a given Trojan or utilized as part of a defensive strategy. Other defenses are also presented -- including hardware, web-, and software-related. To conclude, we discuss seven different case studies and elaborate how they fit into our taxonomy. Overall, this paper presents a detailed survey of the Trojan landscape for Digital Manufacturing: threats, defenses, and the importance of implementing secure practices.

#arXiv #ResearchPapers #HardwareTrojans #AdditiveManufacturing #IndustrialInternetOfThings #DigitalManufacturing
__
¹ https://arxiv.org/abs/2301.10336

T. Mosavirik et al., "Silicon Echoes: Non-Invasive Trojan and Tamper Detection using Frequency-Selective Impedance Analysis"¹

The threat of chip-level tampering and its detection is a widely researched field. Hardware Trojan insertions are prominent examples of such tamper events. Altering the placement and routing of a design or removing a part of a circuit for side-channel leakage/fault sensitivity amplification are other instances of such attacks. While semi- and fully-invasive physical verification methods can confidently detect such stealthy tamper events, they are costly, time-consuming, and destructive. On the other hand, virtually all proposed non-invasive side-channel methods suffer from noise and, therefore, have low confidence. Moreover, they require activating the tampered part of the circuit (e.g., the Trojan trigger) to compare and detect the modification. In this work, we introduce a general non-invasive post-silicon tamper detection technique applicable to all sorts of tamper events at the chip level without requiring the activation of the malicious circuit. Our method relies on the fact that all classes of physical modifications (regardless of their physical, activation, or action characteristics) alter the impedance of the chip. Hence, characterizing the impedance can lead to the detection of the tamper events. To sense the changes in the impedance, we deploy known RF tools, namely, scattering parameters, in which we inject sine wave signals with high frequencies to the power distribution network (PDN) of the system and measure the “echo” of the signal. The reflected signals in various frequency bands reveal different tamper events based on their impact size on the die. To validate our claims, we performed extensive measurements on several proof-of-concept tampered hardware implementations realized on an FPGA manufactured with a 28 nm technology. Based on these groundbreaking results, we demonstrate that stealthy hardware Trojans, as well as sophisticated modifications of P&R, can be detected with high confidence.

#IACR #HardwareTrojans #ResearchPapers

__
¹ https://eprint.iacr.org/2023/075