Hardware security in practice: Challenges and opportunities

Computing platforms used in practice are complex and require interaction between multiple hardware components (such as processor, chipset, memory and peripherals) for their normal operation. Maintaining security of these computing platforms translates to verifying there are no known security exploits present in the run-time interaction between these hardware units which can be exploited by attackers. However, given the large number of state elements in the hardware units and many control signals influencing their mutual interaction, validating security of a commercial computing platform thoroughly can be complicated and intractable. We believe this real-world perspective of hardware security is crucial to building secure systems in practice, but it has not been sufficiently addressed in security research community, and our paper is a step in covering this gap. In this paper, we exemplify the challenges in correctly implementing security in commercial hardware platforms through representative examples of various classes of hardware-oriented security attacks. We present an overview of methods adopted to deal with the complexity of validating security of hardware in an industrial setting, and enumerate opportunities present for the security research community to contribute to hardware security validation.