DARPA asks industry to develop built-in cyber security against computer hardware vulnerabilities
ARLINGTON, Va. – U.S. military researchers are asking for industry's help in developing hardware design tools to provide built-in cyber security against computer hardware vulnerabilities that are exploited through software in military and commercial electronic systems.
Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., issued a solicitation last week (HR001117S0023) for the System Security Integrated Through Hardware and firmware (SSITH) program.
SSITH aims to secure computer hardware that constrains the reduces vulnerabilities to cyber attack and protects against software attacks that exploit hardware vulnerabilities.
Electronic system security has become a critical area of concern for the U.S. Department of Defense (DOD) and the broader U.S. population. Current efforts to provide electronic security largely rely on software, which can prove to be inadequate because they fail to address the underlying hardware vulnerability.
Creative hackers can develop new ways to exploit software access to the remaining hardware vulnerability, which can start a continuous cycle of exploitation, patching, and subsequent exploitation. Instead, the DARPA SSITH program focuses on hardware security at the microarchitecture level.
Related: DARPA awards contracts for XD3 cyber security project to counter denial of service attacks
DARPA scientists are interested in security approaches that will limit computer hardware to states that are secure while maintaining the system performance and power.
SSITH will develop architectures and design tools that enable system-on-chip (SoC) designers to safeguard hardware against all seven known Common Weakness Enumeration (CWE) classes of hardware vulnerabilities that can be exploited through software.
Architectures and design tools developed through this program will provide and flexible solutions applicable to DOD and commercial electronic systems, DARPA officials say.
Security concepts that may be incorporated in a security architecture include cryptography; metadata tagging; formal verification; verified state matching; anomalous state detection; secure multi-party computing; semi-homomorphic computing; and security through compartmentalization.
Related: DARPA eyes cyber security for Internet of Things (IoT) and embedded computing devices
Systems designers should be able to use SSITH security architectures so that existing application software can run on secure hardware without software modification, although some software modification may be necessary to exploit hardware security features fully. SSITH architectures should be scalable to apply to small, ultra-low power systems to large, high-performance systems.
The SSITH program has two technical areas: developing scalable, flexible, and adaptable integrated circuit security architectures that can be implemented easily in DOD and commercial SoCs; and develop ways to evaluate these architectures.
Companies interested should submit proposals no later than 5 June 2017 to DARPA online at https://baa.darpa.mil. Email questions or concerns to DARPA at [email protected].
More information is online at https://www.fbo.gov/spg/ODA/DARPA/CMO/HR001117S0023/listing.html.
Learn more: search the Aerospace & Defense Buyer's Guide for companies, new products, press releases, and videos
John Keller | Editor
John Keller is editor-in-chief of Military & Aerospace Electronics magazine, which provides extensive coverage and analysis of enabling electronic and optoelectronic technologies in military, space, and commercial aviation applications. A member of the Military & Aerospace Electronics staff since the magazine's founding in 1989, Mr. Keller took over as chief editor in 1995.