Aggressive Design Reuse for Ubiquitous Zero-Trust Edge Security—From Physical Design to Machine-Learning-Based Hardware Patching

Massimo Alioto
{"title":"Aggressive Design Reuse for Ubiquitous Zero-Trust Edge Security—From Physical Design to Machine-Learning-Based Hardware Patching","authors":"Massimo Alioto","doi":"10.1109/OJSSCS.2022.3223274","DOIUrl":null,"url":null,"abstract":"This work presents an overview of challenges and solid pathways toward ubiquitous and sustainable hardware security in next-generation silicon chips at the edge of distributed and connected systems (e.g., IoT and AIoT). As the first challenge, the increasingly connected nature and the exponential proliferation of edge devices are unabatingly increasing the overall attack surface, making attacks easier and mandating ubiquitous security down to each edge node. At the same time, the necessity to incorporate zero-trust policies in large-scale distributed systems requires a complete set of security primitives for hardware-backed authentication, and a higher degree of physical context awareness (including primitives detecting the onset of physical attacks). Thus, making the inclusion of such security primitives economically sustainable even in low-end devices is a second key challenge. As third challenge, the ever-changing vulnerability landscape and the need for increased chip longevity in distributed systems require security assurance methods that are sustainable and adaptive across the entire chip lifecycle. In this work, design principles and promising directions to enable ubiquitous and sustainable security capabilities along with physical awareness are discussed. Such achievements require a fundamental rethinking of design methodologies to enable aggressive design and resource reuse (e.g., area, power, and design effort), along with low-cost on-chip sensorization and intelligence for physical attack detection. Such rethinking inevitably crosses over the traditional design abstractions, and requires innovation from the physical to the algorithmic level. At the physical and circuit levels, design and resource reuse is enabled by immersed-in-logic and in-memory security approaches. At the algorithm level, “hardware patching” is introduced and exemplified to show that runtime intelligence (machine learning) allows security capabilities to adapt and improve over time, as typical of security patching in software. Sensing techniques to detect attacks in situ from noninvasive to invasive are illustrated while still preserving fully automated design approaches. Overall, the above design principles are expected to push security capabilities in distributed systems to a new level, ultimately making the edge more intelligent and self-reliant, and security measures more distributed.","PeriodicalId":100633,"journal":{"name":"IEEE Open Journal of the Solid-State Circuits Society","volume":"3 ","pages":"1-16"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/iel7/8782712/10019316/09955388.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Open Journal of the Solid-State Circuits Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/9955388/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

This work presents an overview of challenges and solid pathways toward ubiquitous and sustainable hardware security in next-generation silicon chips at the edge of distributed and connected systems (e.g., IoT and AIoT). As the first challenge, the increasingly connected nature and the exponential proliferation of edge devices are unabatingly increasing the overall attack surface, making attacks easier and mandating ubiquitous security down to each edge node. At the same time, the necessity to incorporate zero-trust policies in large-scale distributed systems requires a complete set of security primitives for hardware-backed authentication, and a higher degree of physical context awareness (including primitives detecting the onset of physical attacks). Thus, making the inclusion of such security primitives economically sustainable even in low-end devices is a second key challenge. As third challenge, the ever-changing vulnerability landscape and the need for increased chip longevity in distributed systems require security assurance methods that are sustainable and adaptive across the entire chip lifecycle. In this work, design principles and promising directions to enable ubiquitous and sustainable security capabilities along with physical awareness are discussed. Such achievements require a fundamental rethinking of design methodologies to enable aggressive design and resource reuse (e.g., area, power, and design effort), along with low-cost on-chip sensorization and intelligence for physical attack detection. Such rethinking inevitably crosses over the traditional design abstractions, and requires innovation from the physical to the algorithmic level. At the physical and circuit levels, design and resource reuse is enabled by immersed-in-logic and in-memory security approaches. At the algorithm level, “hardware patching” is introduced and exemplified to show that runtime intelligence (machine learning) allows security capabilities to adapt and improve over time, as typical of security patching in software. Sensing techniques to detect attacks in situ from noninvasive to invasive are illustrated while still preserving fully automated design approaches. Overall, the above design principles are expected to push security capabilities in distributed systems to a new level, ultimately making the edge more intelligent and self-reliant, and security measures more distributed.
面向普遍零信任边缘安全的激进设计重用——从物理设计到基于机器学习的硬件补丁
这项工作概述了在分布式和连接系统(如物联网和AIoT)边缘的下一代硅片中实现普遍和可持续硬件安全的挑战和坚实途径。作为第一个挑战,边缘设备日益互联的性质和指数级的激增正在不断增加整个攻击面,使攻击变得更容易,并要求每个边缘节点都具有无处不在的安全性。同时,在大规模分布式系统中引入零信任策略的必要性需要一套完整的用于硬件支持的身份验证的安全原语,以及更高程度的物理上下文感知(包括检测物理攻击开始的原语)。因此,即使在低端设备中,使这种安全原语的包含在经济上也是可持续的,这是第二个关键挑战。第三个挑战是,不断变化的漏洞环境和分布式系统对延长芯片寿命的需求,需要在整个芯片生命周期中具有可持续性和适应性的安全保证方法。在这项工作中,讨论了实现无处不在和可持续的安全能力以及物理感知的设计原则和有希望的方向。这些成就需要从根本上重新思考设计方法,以实现积极的设计和资源重用(例如,面积、功率和设计工作),以及低成本的片上传感和物理攻击检测智能。这种反思不可避免地跨越了传统的设计抽象,需要从物理到算法层面的创新。在物理和电路级别,设计和资源重用是通过嵌入逻辑和内存安全方法实现的。在算法层面,引入并举例说明了“硬件补丁”,以表明运行时智能(机器学习)允许安全能力随着时间的推移而适应和改进,这是软件中典型的安全补丁。说明了在原位检测从非侵入性到侵入性攻击的传感技术,同时仍然保留了完全自动化的设计方法。总体而言,上述设计原则有望将分布式系统的安全能力提升到一个新的水平,最终使边缘更加智能和自力更生,安全措施更加分散。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信