From Bluetooth transceivers to the NASA Mars Rover, reconfigurable circuits have become one of the mainstays of embedded design. Combining the high computational performance of specialized circuits with the re-programmability of software, these devices are quickly becoming ubiquitous. Unfortunately, if unprotected, this reconfigurability could be exploited to disrupt critical operations, to snoop on supposedly secure channels, or even to physically melt a device. However, a new approach to controlling changes to the hardware logic promises to overcome these problems. In addition, the innate malleability of this hardware presents the opportunity for hardware enforcement of adaptive security policies. For example, in an emergency, trusted individuals may need to override the nominal security policy. Thus, the reconfigurable component may provide a highly trusted mechanism for secure functionality in changing environments.
This research aims to close a gaping security hole in our nation's information infrastructure by enhancing the logical structure and internal management of reconfigurable hardware to enforce a dynamic information protection policy. Specifically, this research will: (1) discover hardware synthesis and static validation methods that will ensure that only secure and non-destructive configurations can be loaded, (2) develop new reconfigurable structures capable of securely mediating run-time access to shared resources through the use of hardware-compiled formal access policy languages, and (3) establish a firm foundation for trustworthy dynamic policy enforcement through ontological analysis, formal modeling and the development of management mechanisms integrating the results of the first two activities.