Project Lead: Dr. Lok Yan
Sponsoring Organization: DARPA
Project Synopsis: SSITH seeks to protect electronic systems from common means of exploitation by addressing underlying hardware vulnerabilities at the source, instead of relying on patches to ensure the safety of software applications. The program is developing hardware security architectures and associated design tools to protect against entire classes of vulnerabilities exploited through software, such as buffer errors; information leakage; resource management; numeric errors; injection; permissions, privileges and access control; and hardware/system-on-chip implementation errors. The program’s approaches include: using metadata tagging to detect unauthorized system access; utilizing context-sensing pipelines to determine the intent of instructions; and employing formal methods to reason about integrated circuit systems and guarantee the accuracy of security characteristics. SSITH is also developing software tools to quantitatively measure the security properties of hardware architectures, and to express and reason about security architectures at the abstract (model) level and the concrete (product) level. Additionally, SSITH is exploring external evaluation efforts that involve crowdsourced red teaming of the technologies in development. The ultimate goal of the program is to produce SSITH ASICs with near-term applicability to a range of systems – from embedded systems found in mobile phones and Internet of Things devices to high-performance servers in the cloud and military systems.