Ensuring Security By Design Is Actually Secure

A security-first approach isn’t always enough to ensure comprehensive protection from hardware weaknesses.


Today’s connected systems touch nearly every part of consumers’ lives, from smart thermostats in our homes to self-driving cars on our roads. The adoption of these new devices has led to an explosion of new semiconductors and use models. But these novel conveniences also come with new risks. With vulnerabilities on the rise and the potential for remote attacks growing, product companies must find systematic ways to protect device functionality, consumer safety, and data privacy. One such way is by approaching the development of today’s devices with security by design in mind.

The industry is taking some early steps to meet this challenge. The MITRE Corporation, which maintains the CWE list of software and hardware weakness types, added hardware weaknesses to CWE in 2020. Meanwhile, many product companies are bringing security by design approaches to their design and development process.

But what does security by design mean in practice? And is it enough to meet the growing set of hardware security challenges that the coming wave of connected devices will bring?

What is security by design?

A secure-by-design approach attempts to shift security to earlier stages of the design and development process rather than addressing issues reactively. This is particularly important for hardware-based products. Since silicon can’t be “patched” in the same way that software can, shipping a product with a hardware security weakness can have catastrophic long-term consequences.

The goal is for developers to make systems as impervious to attack as possible. The approach calls for designers to consider what protection each component needs and include appropriate defense mechanisms. The specific cybersecurity controls used will vary from system to system, but all systems should incorporate best practices ranging from hardware defenses, such as physical protections, secure boot, and a hardware-based root of trust, to software defenses like virus scans and sanitization policies. Ideally, the final system and its defense mechanisms should run on software and hardware that are free of vulnerabilities.

While 100% secure hardware is a great goal, it can be difficult to achieve. After all, product development teams face constant pressure to meet deadlines and deliver innovations to the market quickly to stay competitive.

Challenges with security by design

While moving to a security-first design approach is critical for today’s systems, it isn’t always enough to ensure comprehensive protection from hardware weaknesses. The unfortunate reality is that even the most talented and advanced development teams are human and risk missing vulnerabilities, or even introducing them at various stages of design, configuration, and integration. Therefore, security by design must include security verification at every step of development rather than relying on functional verification alone to catch security issues.

Team organization

Building any product, let alone one that incorporates secure by design practices, is extremely complex if all teams aren’t aligned. Large and often geographically distributed teams are often hyper-focused on specific functionality and may lack context and understanding of the entire security architecture. It’s hard to keep all your stakeholders in sync around security at every step of a complex product life cycle without slowing progress – especially when third-party partners are involved.

Development teams looking to achieve security by design in their systems must first ensure that all groups and stakeholders across the organization are on the same page with regards to security requirements.

Design structure

An exploitable hardware weakness can lurk anywhere in a system, including in the cybersecurity defense mechanisms meant to protect it. While it is best practice to secure each component individually and keep security-critical processing isolated and local, the reality is that some assets must pass through shared resources: buses, memories, and registers. Even when each component is individually secure, unintended leakage through those shared paths can occur if the system isn’t comprehensively tested as a whole.

Chip lifecycle complexity and duration

As our systems become more complex, so do the chips that make them run. In addition to the various defense mechanisms that might introduce new weaknesses to a system, the inclusion of different hardware IP blocks can also introduce vulnerabilities at the point of integration.

This means that, even if each layer is designed to be secure, vulnerabilities can be introduced at any point of the development and design process. Whether that’s an IP block implementation on a chip, the system on a chip (SoC) integration, or a change in the system configuration, vulnerabilities can appear anywhere in a system. Without a systematic approach, even the best design may turn up last-minute security surprises. The only effective way to understand and mitigate these evolving risks is by performing automated security testing at every step of the semiconductor lifecycle.
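To make the shared-resource leakage described under Design structure and the integration-time check described above concrete, here is an added illustration: a toy register-level model with information-flow (taint) labels, written for this edit. It is not code from the original page, and it is not how Tortuga Logic’s Radix or any other product implements its analysis. The asset name AES_KEY, the register names, the one-byte “cipher”, and the policy that the debug read port is an untrusted observer are all assumptions made for the example. The crypto engine is secure on its own (only it can read the key), and the debug port is secure on its own (it only reads the shared register space), but one integration decision, where the engine parks its intermediate state, determines whether key-dependent data reaches the debug port. Because taint follows the data through every operation, the checker flags the leak regardless of which value happens to be sitting in the register.

```python
"""Toy information-flow (taint) check over a register-level SoC model.

Assumptions (not from the page): one secret asset AES_KEY, one untrusted
observer (the debug read port), and a one-byte stand-in for a cipher round.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Word:
    """An 8-bit register value plus the set of protected assets it depends on."""
    value: int
    taint: frozenset = frozenset()

    def xor(self, other: "Word") -> "Word":
        # Any value computed from a secret is itself secret: labels are unioned.
        return Word((self.value ^ other.value) & 0xFF, self.taint | other.taint)

    def sbox(self) -> "Word":
        # Toy non-linear step; the label survives any transformation of the data.
        return Word(((self.value * 7) + 0x63) & 0xFF, self.taint)

    def declassify(self) -> "Word":
        # The design's intended exit point for the asset (the ciphertext output).
        # Only an explicit policy decision may clear a label.
        return Word(self.value, frozenset())


class Soc:
    """Shared register space, a crypto engine with private state, and a debug port."""

    SECRET_ASSETS = frozenset({"AES_KEY"})  # assumed policy: what must not leak

    def __init__(self, isolate_scratch: bool):
        self.isolate_scratch = isolate_scratch  # the integration decision under test
        self.shared = {}            # registers reachable over the shared bus
        self.crypto_private = {}    # registers reachable only by the crypto engine
        self.violations = []        # (sink register, leaked assets) found at the sink

    def load_key(self, key_byte: int) -> None:
        # Key provisioning: the key register is labelled as the protected asset.
        self.crypto_private["KEY"] = Word(key_byte, frozenset({"AES_KEY"}))

    def crypto_encrypt(self, plaintext_byte: int) -> int:
        key = self.crypto_private["KEY"]
        whitened = key.xor(Word(plaintext_byte))  # key-dependent intermediate state
        # Where that intermediate state lives is decided at SoC integration time,
        # not inside the (individually secure) crypto block.
        if self.isolate_scratch:
            self.crypto_private["SCRATCH"] = whitened
        else:
            self.shared["SCRATCH"] = whitened  # parked in a bus-visible register
        ciphertext = whitened.sbox().declassify()
        self.shared["CIPHERTEXT"] = ciphertext
        return ciphertext.value

    def debug_read(self, reg_name: str) -> int:
        """Debug/readback port: can read any register in the shared space.

        This is the sink where the policy is enforced: a labelled value reaching
        an untrusted observer is a leak, whatever its numeric value is.
        """
        word = self.shared.get(reg_name, Word(0))
        leaked = word.taint & self.SECRET_ASSETS
        if leaked:
            self.violations.append((reg_name, sorted(leaked)))
        return word.value


def run_scenario(isolate_scratch: bool) -> dict:
    """Encrypt one byte, then let the debug port sweep the shared registers."""
    soc = Soc(isolate_scratch)
    soc.load_key(0x2B)                  # constructed sample key byte
    ciphertext = soc.crypto_encrypt(0x6B)  # constructed sample plaintext byte
    for reg in ("CIPHERTEXT", "SCRATCH"):
        soc.debug_read(reg)
    return {"ciphertext": ciphertext, "violations": soc.violations}


if __name__ == "__main__":
    for isolate in (False, True):
        result = run_scenario(isolate)
        status = "LEAK" if result["violations"] else "clean"
        print(f"isolate_scratch={isolate}: {status} {result['violations']}")
```

The two runs produce the same ciphertext, so a purely functional test sees no difference between them; only the label check at the sink tells the leaky integration from the fixed one.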

Every approach to security by design needs to include verification

The good news for those who have already adopted security by design as an approach is that methods exist to address these gaps and make product security more systematic.

Tortuga Logic’s Radix technology can help you assess your current level of hardware security maturity. Then our team will work with you to map out an approach and provide new tools that will ensure you can detect and mitigate hardware weaknesses before they become a significant issue and compromise product delivery or consumer safety.

Tortuga Logic’s teams and solutions leverage known best practices and unique technologies to help organizations create a comprehensive and repeatable process for verification as well as improve their approach to hardware security. This allows companies to ensure a more secure final product — significantly reducing risk without compromising time to market.

All of this can be integrated into an organization’s existing flows and tools, providing the foundation for a comprehensive program that allows organizations to realize security by design by not only designing for security but also verifying it.
