The goal of the BlueChip project is to develop security defenses against malicious hardware. Hardware and software are functional equivalents. To date, computer security problems have generally been attacks or exploitations of software systems. However, the sophistication and complexity of hardware systems is now great enough that many opportunities for malice exist in the path from design to realization.
This project will be the first to demonstrate the feasibility of Intelligent Malicious Processors (IMPs). Initial investigations indicate that small hardware alterations can be used to bootstrap many varieties of malicious behavior into existence, such as hardware-supported access to privileged operation. Such misbehaving hardware has outsized system effects, because software designers depend on (i.e., trust) hardware to perform correctly, and therefore do not defend against malicious hardware. One may address these problems, in principle, by tightly controlling each step and handoff in the path from design to realization (sometimes called the "supply chain"). A superior solution is to presume that attackers will overcome these technical and procedural hurdles, and to build defenses. BlueChip will develop new architectural approaches to defending against a wide variety of malicious hardware. For example, BlueChip will develop a family of anomaly detection schemes for processors that can detect malicious hardware and trigger remediations.
Hardware and software are functional equivalents. To date, computer security problems have generally been attacks or exploitations of software systems. However, the sophistication and complexity of hardware systems is now great enough that many opportunities for malice exist in the path from design to realization. This research was the first to demonstrate the feasibility of Intelligent Malicious Processors (IMPs). Initial investigations indicate that small (<1K gate) hardware alterations can be used to bootstrap many varieties of malicious behavior into existence, such as hardware-supported access to privileged operation. Such misbehaving hardware has outsized system effects, because software designers depend on (i.e., trust) hardware to perform correctly, and therefore do not defend against malicious hardware. One may address these problems, in principle, by tightly controlling each step and handoff in the path from design to realization (sometimes called the "supply chain"). A superior solution is to presume that attackers will overcome these technical and procedural hurdles, and to build defenses. This project introduced BlueChip, a new architectural approach to defending against a wide variety of malicious hardware. BlueChip develops the fundamental tools and algorithms for detecting and defending against malicious hardware and prevents new classes of local and remote attacks enabled by such hardware. The work brings together key ideas from the computer architecture and computer security areas, leading to novel architectures with inherent defenses against malicious hardware. There is increasing societal dependence on ubiquitous processors embedded in medical and consumer devices such as cellular telephones, graphics processors and GPS location devices. BlueChip provides a pathway to detection and defense against security risks from the hardware comprising these systems, making the enormous disruptions possible with such attacks far more difficult than today.
This research essentially created and defined the area of malicious hardware designs, detection algorithms, and defenses, both offline and real-time (online). An extremely important byproduct of this was the first generation of graduate students who understand the challenges of these areas and can enable the creation of commercial realizations of solutions to these problems.