{"title":"实用安全验证","authors":"M. King","doi":"10.1109/MTV.2013.23","DOIUrl":null,"url":null,"abstract":"Attackers are increasingly making use of unintended hardware or firmware behavior to build exploits. To minimize the likelihood of these attacks and to meet their security objectives, hardware products are adopting secure development processes, including performing security validation of components critical to enforcing these objectives. Despite the increasing visibility of hardware security issues, in some cases lack of expertise can create challenges. When that is true, validation might need to be performed by people without deep security expertise. In those cases, validators should focus on tests and methodologies that do not require substantial training to deploy in order to provide a basic level of security coverage. Many issues in access control and cryptographic logic can be caught by targeting a small number of common mistakes. Testing of non-standard configurations stresses assumptions made by critical protocols and components. And commonly used methods like constrained random testing can be adapted to mimic techniques used by attackers to find exploitable vulnerabilities. When combined these strategies can reduce the need for explicit, testable security requirements and enable nearly all validators to uncover a wide range of potential vulnerabilities.","PeriodicalId":129513,"journal":{"name":"2013 14th International Workshop on Microprocessor Test and Verification","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Practical Security Validation\",\"authors\":\"M. King\",\"doi\":\"10.1109/MTV.2013.23\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Attackers are increasingly making use of unintended hardware or firmware behavior to build exploits. To minimize the likelihood of these attacks and to meet their security objectives, hardware products are adopting secure development processes, including performing security validation of components critical to enforcing these objectives. Despite the increasing visibility of hardware security issues, in some cases lack of expertise can create challenges. When that is true, validation might need to be performed by people without deep security expertise. In those cases, validators should focus on tests and methodologies that do not require substantial training to deploy in order to provide a basic level of security coverage. Many issues in access control and cryptographic logic can be caught by targeting a small number of common mistakes. Testing of non-standard configurations stresses assumptions made by critical protocols and components. And commonly used methods like constrained random testing can be adapted to mimic techniques used by attackers to find exploitable vulnerabilities. When combined these strategies can reduce the need for explicit, testable security requirements and enable nearly all validators to uncover a wide range of potential vulnerabilities.\",\"PeriodicalId\":129513,\"journal\":{\"name\":\"2013 14th International Workshop on Microprocessor Test and Verification\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 14th International Workshop on Microprocessor Test and Verification\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MTV.2013.23\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 14th International Workshop on Microprocessor Test and Verification","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MTV.2013.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Attackers are increasingly making use of unintended hardware or firmware behavior to build exploits. To minimize the likelihood of these attacks and to meet their security objectives, hardware products are adopting secure development processes, including performing security validation of components critical to enforcing these objectives. Despite the increasing visibility of hardware security issues, in some cases lack of expertise can create challenges. When that is true, validation might need to be performed by people without deep security expertise. In those cases, validators should focus on tests and methodologies that do not require substantial training to deploy in order to provide a basic level of security coverage. Many issues in access control and cryptographic logic can be caught by targeting a small number of common mistakes. Testing of non-standard configurations stresses assumptions made by critical protocols and components. And commonly used methods like constrained random testing can be adapted to mimic techniques used by attackers to find exploitable vulnerabilities. When combined these strategies can reduce the need for explicit, testable security requirements and enable nearly all validators to uncover a wide range of potential vulnerabilities.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
