Hardware Trojans (HT), which are malicious circuit inclusions into the design from an adversary with an intention to damage the functionality of the chip at a much later date or leaking confidential information like keys used in cryptography. Time to market demand has forced integrated circuit design, manufacturing and testing to be done at different places across globe. This approach has led to numerous security concerns like overbuilding of chips from foundries, IP protection, counterfeiting and hardware Trojans.
Cyber attackers similarly hunt for exploits in computing systems via a phenomenon colloquially described as “weird machines.” Simply translated, the phrase means that a system’s own design and features can accidentally help an attacker operate the system in ways never intended. Unrelated, benign features across the system unwittingly add up to an unexpected or emergent execution engine that is ready to run attackers’ exploits.
The Defense Advanced Research Projects Agency (DARPA) Information Innovation Office (I2O) launched Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program in September 2022.
“Weird machines can provide tremendous advantages to attackers who manage to discover and control emergent behaviors in their targets,” said Sergey Bratus, HARDEN program manager in DARPA’s Information Innovation Office. “HARDEN aims to deny these advantages, by combining ethical hackers’ growing understanding of how attackers turn parts of modern computing systems against the whole with the pioneering formal methods and automated software analysis developed with DARPA’s support. It stands to reason that ethical hackers and non-traditional performers play a key role in HARDEN.”
Attackers increasingly target the software that runs when computers boot up so they can dodge security protections before they are activated. These parts of computing systems provide the “root of trust” for the rest of the system – i.e. compromising these parts of a system destroys its trustworthiness. HARDEN will apply its combination of ethical hacker insights, mathematical models, and automation to secure the critical root-of-trust parts of systems.
The HARDEN program will explore novel theories and approaches, and seeks to develop practical tools to anticipate, isolate, and mitigate emergent behaviors in computing systems throughout the entire software development lifecycle (SDLC).
HARDEN aims to radically improve security outcomes in software for integrated systems by creating novel tools, metadata, and instrumentation for emergent computation, and it will efficiently mitigate exploitation of software abstractions and protect intended abstractions from adversarial reuse. The program seeks to integrate those capabilities into the standard processes of the SDLC.
While much attention is paid to detecting and remedying flaws or vulnerabilities in software, the way a system is designed can also create large opportunities for attackers. System designers primarily focus on ensuring a program is adept at executing a specific task, focusing on how a design can best support intended features and behaviors and on how they will be implemented within the design.
Attackers have also discovered that these design structures and implementation behaviors can be repurposed for their own malicious purposes. Unexpected – or emergent – behaviors that these features could exhibit are not often taken into consideration at the time of design. As a result, attackers often find that they can generate emergent behaviors by using what’s already built into a system, providing a way to exploit flaws that are several layers down. In other words, systems are unknowingly being designed in ways that support adversarial programmability and combinations of features and unprotected abstractions. These amount to embedded exploit execution engines – creating what is colloquially known as “weird machines.”
The Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program seeks to give developers a way to understand emergent behaviors and thereby create opportunity to choose abstractions and implementations that limit an attacker’s ability to reuse them for malicious purposes, thus stopping the unintentional creation of weird machines.
HARDEN will explore novel theories and approaches and develop practical tools to anticipate, isolate, and mitigate emergent behaviors in computing systems throughout the entire software development lifecycle (SDLC). Notably, the program aims to create mitigation approaches that go well beyond patching. At present, patches tend to only address a particular exploit and do not disrupt the underlying exploit execution engine residing at the design-level.
HARDEN will also focus on validating the generated approaches by applying broad theories and generic tools to concrete technological use cases of general-purpose integrated software systems. Potential evaluation systems include the Unified Extended Firmware Interface (UEFI) architecture and boot-time chain of trust, as well as integrated software systems from the Air Force and Navy domains, such as pilots’ tablets.
“There are many ways to theorize about addressing these challenges, but the test of the theory is how it will apply to an actual integrated system that we base trust on, or want to base trust on. We want to ensure we’re creating models that will be of actual use to critical defense systems,” noted Bratus.
The program will run for 48 months and is organized into three phases: Phases 1 and 2 will each be 18-months, followed by a 12-month Phase 3. Work performed by HARDEN teams will span several major technical areas, such as developing tools for software developers to account for emergent behaviors and creating models of emergent execution.
For the Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program, DARPA selected teams to create practical tools that will prevent exploitation of integrated computing systems by disrupting the patterns of robust, reliable exploits used by attackers, and depriving the attackers of emergent execution engines.
The selected performers include: Arizona State University, Galois, Kudu Dynamics, Narf Industries, River Loop Security, Riverside Research Institute, University of California, Santa Barbara, and WebSensing
An additional performer may be added, pending contract finalization.
Cromulence and the University of Illinois Urbana-Champaign will serve as proxies for the offense and test effectiveness of the proposed mitigations. Northrop Grumman will serve as the integration and systems engineering evaluator.
According to Bratus, these teams include a number of the world’s leading experts in exploiting and defending root-of-trust and embedded systems.
Notably, several organizations selected for HARDEN are direct descendants of DARPA’s Cyber Fast Track program and Cyber Grand Challenge, both of which reached out to the ethical hacking community and helped diversify and grow their ranks.