Date Published: June 13, 2024
Comments Due:
Email Questions to:
Author(s)
Peter Mell (NIST), Irena Bojanova (NIST)
Announcement
There is an incorrect and widespread assumption that hardware is inherently secure. However, this report documents numerous potential security failures that can occur in hardware. It also demonstrates the diverse ways in which hardware can be vulnerable.
The authors leveraged existing work on hardware weaknesses to provide a catalog of 98 security failure scenarios. Each of these is a succinct statement that describes how hardware can be exploited, where such an exploitation can occur, and what kind of damage is possible. This should raise awareness of the many types of hardware security issues that can occur.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
Historically, hardware has been assumed to be inherently secure. However, chips are both created with and contain complex software, and software is known to have bugs. Some of these bugs will compromise security. This publication evaluates the types of vulnerabilities that can occur, leveraging existing work on hardware weaknesses. For each type, a security failure scenario is provided that describes how the weakness could be exploited, where the weakness typically occurs, and what kind of damage could be done by an attacker. The 98 failure scenarios provided demonstrate the extensive and broadly distributed possibilities for hardware-related security failures.
Historically, hardware has been assumed to be inherently secure. However, chips are both created with and contain complex software, and software is known to have bugs. Some of these bugs will compromise security. This publication evaluates the types of vulnerabilities that can occur, leveraging...
See full abstract
Historically, hardware has been assumed to be inherently secure. However, chips are both created with and contain complex software, and software is known to have bugs. Some of these bugs will compromise security. This publication evaluates the types of vulnerabilities that can occur, leveraging existing work on hardware weaknesses. For each type, a security failure scenario is provided that describes how the weakness could be exploited, where the weakness typically occurs, and what kind of damage could be done by an attacker. The 98 failure scenarios provided demonstrate the extensive and broadly distributed possibilities for hardware-related security failures.
Hide full abstract
Keywords
chips; design; failures; hardware; scenarios; security; vulnerability; weakness
Control Families
None selected
