High Performance Microchip Supply - Under Secretary of Defense ...
High Performance Microchip Supply - Under Secretary of Defense ...
High Performance Microchip Supply - Under Secretary of Defense ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
RECOMMENDATIONS ____________________________________________________________<br />
the voluntary exchange <strong>of</strong> best practices for assuring<br />
trust <strong>of</strong> standard programmable hardware among<br />
commercial semiconductor developers, through the<br />
creation <strong>of</strong> courseware and industry information<br />
exchange programs. Developers <strong>of</strong> high-volume,<br />
standard parts are commercially motivated to<br />
ensure the integrity <strong>of</strong> their designs, both during the<br />
design and manufacturing process and once they are<br />
in operation. However, these suppliers are not wellinformed<br />
<strong>of</strong> the means by which adversaries might<br />
attempt to compromise their designs and<br />
mechanisms that could be used to detect and deter<br />
such efforts. It is likely that a substantial<br />
improvement in the trustworthiness <strong>of</strong> standard<br />
commercial parts could be obtained simply through<br />
increased awareness <strong>of</strong> threat models and the<br />
exchange <strong>of</strong> best practices among the commercial<br />
parties.<br />
Research to Enable Firmware Integrity. A targeted<br />
DOD program in the area <strong>of</strong> firmware integrity<br />
would likely lead to the rapid development,<br />
dissemination, and adoption <strong>of</strong> improvements to<br />
these trust-related aspects <strong>of</strong> programmable parts.<br />
Today’s standard parts, especially FPGAs, <strong>of</strong>fer<br />
limited protection against the compromise <strong>of</strong> their<br />
firmware, i.e., the configuration s<strong>of</strong>tware that is<br />
loaded into the parts prior to or during execution.<br />
The loading <strong>of</strong> low-level firmware (e.g., the BIOS)<br />
into CPUs can also have similar vulnerabilities.<br />
However, it is likely that suppliers <strong>of</strong> commercial<br />
parts would incorporate protective measures if they<br />
were readily available. Thus, DOD investment in<br />
university research in this area could yield<br />
significant improvements in the trustworthiness <strong>of</strong><br />
standard parts.<br />
“Design for Trust Evaluation.” In conjunction with<br />
the above, the DOD should initiate a research<br />
program on “design for trust evaluation” along the<br />
74 _________________________________________________________ DSB TASK FORCE ON