P23_21: Managing Security through the Hardware Lifecycle with Risk-Based Standards
Topic Areas: Electronic HW and System Security, Risk Mitigation
Principal investigator: Dr. John Chandy, University of Connecticut
Co-Principal investigators: Dr. James Lambert, Dr. Zachary Collier, University of Virginia
As embedded systems and their supporting electronics become more complex, attackers have more opportunities to exploit vulnerabilities. These vulnerabilities could be at the device, circuit, architecture, board, or firmware level, and could arise at different steps in the system life cycle, including design, packaging, testing, manufacturing, deployment, and field use. Current approaches to improving the security posture of these systems include building various defensive layers or creating ad hoc security patches to address vulnerabilities, often under time pressure. Processes and standards can never completely eliminate all vulnerabilities in a system; they can only try to mitigate the risk that those vulnerabilities create. Understanding that risk, however, requires being able to quantify it. This project will provide a quantitative, risk-based framework and recommended standards to manage the risk of complex electronic systems throughout their life cycles (conceptual design, requirements, specifications, design, test and evaluation, implementation, etc.) and their supply chains. The developed methodology will be demonstrated and validated using available data on existing devices of interest to the CHEST partners.