DARPA System Security Integration Program Via Hardware and Firmware (SSITH) explores hardware security architectures and tools that protect electronic systems against common classes of hardware vulnerabilities exploited through software, with the goal of breaking the never-ending cycle of software patches and prayer. To date, research on the program has focused on developing approaches and demonstrating a concept that system-on-chip designers can use to limit computer hardware to secure states while maintaining performance and reliability. power.
After rigorous testing and evaluation, researchers have proven that SSITH concepts provide robust hardware protections against the known common weakness enumeration classes of hardware vulnerabilities. The SSITH program is now entering a final phase and focuses on the transition and conversion of proven concepts from laboratory findings to practical application. The Lockheed Martin Corporation team goes beyond virtual processors and aims to develop an application-specific integrated circuit (ASIC) that integrates a dual-core Arm processor and multiple peripheral interfaces with built-in security capabilities provided by their approach. Proven SSITH, known as Architectural Resilience By Design (DUR) material.
Lockheed Martin’s HARD uses an approach to provide a hardware solution to protect systems against multiple classes of hardware vulnerabilities. Rather than performing “major surgery” on the processor pipeline to implement new instructions or change the format of a pointer, the HARD approach uses a set of pipelines running in parallel with the main execution path of the processor to act as parallel co-security. processor, monitoring the main processor and ready to report any malicious operations. Each pipeline monitors the flow of instructions running on the main CPU pipeline, deriving the current semantic context based on expected instruction patterns and checking for any attempted exploitation.
HARD pipelines can be aggregated to deploy more or less security coverage depending on the needs of the target environment, essentially allowing a user to pay only for what they need. Additionally, since major modifications to the main processor are not required, HARD can be deployed to enhance security on any processor architecture.
“By providing HARD protections to an ASIC, we are bringing SSITH technology closer to practical use,” said Keith Rebello, the program manager at the head of SSITH. âLockheed Martin plans to spend the next two years taking HARD from the lab to a secure processor that we can integrate with other computing hardware, demonstrating SSITH’s ability to protect real-world systems from exploitation. “
Read the announcement at DARPA