As 5G and IoT proliferation sweep across the planet, businesses and consumers are benefiting greatly from increased connectivity. However, this connectivity is also introducing greater risks and security concerns than ever before. As military and civilian technological systems, from fighter aircraft to networked household appliances, become ever more dependent upon software systems, they also become more vulnerable to hackers and electronic intruders. Electronic system security has become an increasingly critical area of concern for the DoD and the broader U.S. population. Attacks might exploit software bugs, the most common vulnerability, or take the form of hardware leaks, physical attacks, logical attacks, and remote and localized attacks.
Current efforts to provide electronic security largely rely on robust software development and integration. Software security development environments, methodologies, and verification have been extensively analyzed and documented; however, current security measures remain inadequate. The threats from compromised hardware or supply chains have also become prominent.
Thanks to Moore’s Law, the number of transistors in our computing devices has doubled every two years, driving continued growth in computer speed and capability. Conversely, Wirth’s Law indicates that software is slowing more rapidly than hardware is advancing. The net result is that both hardware and software are becoming more complex. With this complexity, the number of discovered software vulnerabilities is increasing every year; there were over 17,000 vulnerabilities reported last year alone.
Newly identified vulnerabilities such as Spectre, Meltdown, Foreshadow and Spoiler have shown that problems such as side-channel attacks also exist in hardware designs and that there are likely many more vulnerabilities in current solutions from hardware vendors.
In March 2020, MITRE released version 4.0 of its Common Weakness Enumeration (CWE) list, which catalogues weaknesses in computer systems. For the first time, it included categories of hardware vulnerabilities. Among them are: Rowhammer; Meltdown/Spectre; CacheOut; and LVI, which are becoming more prevalent. In fact, a reported 70 percent of cyber-attacks are the result of memory safety issues such as buffer overflow attacks—a category of software exploit that takes advantage of hardware’s inherent “gullibility.”
Nowadays, embedded computers use multiple pieces of free software or open source utilities that are maintained and updated by the open source community. Conversely, many such computers—with applications in sectors such as Industry 4.0, medical, and automotive—are rarely if ever provided with updated software. They just continue to run old versions with known vulnerabilities. Even though they may use open source components, this slow update cycle is due to devices needing to be requalified to make sure that any updates to the kernel or drivers do not break the system.
Earlier, an internal report of the J-2 intelligence directorate pointed to the risks from Lenovo computers and handheld devices that could introduce compromised hardware into the Defense Department supply chain, posing cyber espionage risks. One official said Lenovo equipment in the past was detected as “beaconing”—covertly communicating with remote users in the course of cyber intelligence-gathering. About 27 percent of Lenovo Group Ltd. is owned by the Chinese Academy of Sciences, a government research institute.
The military is high on the target list for most nation-states, which can compromise another nation’s military through cyber actions that often cannot be traced back to the attacker. Financial institutions also are at the top of the list, as are industrial-control systems for water and power networks, because a successful cyber-attack there could have a devastating real-world impact.
In 2017, DARPA launched the System Security Integrated Through Hardware and firmware (SSITH) program to create novel hardware defenses that can thwart the most common software exploitations of hardware vulnerabilities. The program aims to develop hardware design tools that provide security against hardware vulnerabilities that are exploited through software in DoD and commercial electronic systems.
Present responses to hardware vulnerability attacks typically consist of developing and deploying patches to the software firewall without addressing the underlying hardware vulnerability. As a result, while a specific attack or vulnerability instance is defeated, creative programmers can develop new methods to exploit software access to the remaining hardware vulnerability, and a continuous cycle of exploitation, patching, and subsequent exploitation ensues. Software patches can never ensure complete security if there is a hardware vulnerability. A new approach is necessary to break this cycle of hardware vulnerability exploitation.
“Security for electronic systems has been left up to software until now, but the overall confidence in this approach is summed up in the sardonic description of this standard practice as ‘patch and pray,’” said SSITH program manager Linton Salmon of the Agency’s Microsystems Technology Office. “This race against ever more clever cyber intruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software.”
SSITH is developing hardware security architectures to protect systems against entire classes of the hardware vulnerabilities that these software exploits attack.
System Security Integrated Through Hardware and firmware (SSITH) program
The System Security Integrated Through Hardware and firmware (SSITH) program addresses the use of hardware security architectures to help protect systems against classes of hardware vulnerabilities, rather than focusing on single instances of software weaknesses that exploit those vulnerabilities.
SSITH seeks to leverage current research in hardware design and software security to propel new research in the area of hardware security at the microarchitecture level. Security approaches will limit the permitted hardware states to those that are assured to be secure while maintaining the performance and power required for system operation.
There are seven known classes of hardware vulnerabilities listed in the Common Weakness Enumeration (CWE) list, which supposedly comprise a whopping 40 percent of all attack types. These are permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection. Researchers have documented some 2800 software breaches that have taken advantage of one or more of these hardware vulnerabilities, all seven of which are variously present in the integrated microcircuitry of electronic systems around the world.
Changes to the integrated circuit architecture could provide hardware protection against vulnerability instances by addressing the vulnerability classes at their source, the hardware. Remove those hardware weaknesses, Salmon said, and you would effectively close down more than 40 percent of the software doors intruders now have available to them. DARPA scientists are interested in security approaches that will limit computer hardware to states that are secure while maintaining the system performance and power.
Researchers in SSITH, which is part of DARPA’s multibillion dollar Electronics Resurgence Initiative, are now in the third and final phase of developing security architectures and tools that guard systems against common classes of hardware vulnerabilities that can be exploited by malware. DARPA is moving to incorporate the system to fit DoD’s needs, and the technology is now being used in commercial application-specific integrated circuit designs, SSITH program manager Keith Rebello said. DARPA is planning to create SSITH application-specific chips for DoD applications.
Researchers working under the initiative, System Security Integration Through Hardware and Firmware (SSITH), have developed secure architectures and tools to protect embedded IoT devices and sensitive databases from common hardware vulnerabilities exploited via software. The agency now wants to harden those protections by allowing ethical hackers, researchers and “reverse engineers” to hunt for weaknesses and flaws as part of a bug bounty program. The Finding Exploits to Thwart Tampering, or FETT, initiative will use a crowdsourced approach that includes vetted researchers from Synack, a “trusted” security vendor, and its AI and machine learning tools.
In summer 2020, DARPA asked hackers to take their best shots at a set of newly designed hardware architectures. After 13,000 hours of hacking by 580 cybersecurity researchers, the results are finally in: just 10 vulnerabilities. DARPA launched a three-month bug bounty program called Finding Exploits to Thwart Tampering (FETT), which crowdsourced hackers to try to crack the defenses developed under the Defense Advanced Research Projects Agency’s System Security Integrated Through Hardware and Firmware (SSITH) program. “I’m happy to report, as of today, no one has successfully penetrated our SSITH defenses,” Keith Rebello, the program manager for the microsystems technology office at DARPA, said during the agency’s microelectronics conference in Aug. 2020.
Technical Areas of SSITH program
The strategic challenge for participants in the SSITH program will be to develop new integrated circuit (IC) architectures that lack the current software-accessible points of illicit entry, yet retain the computational functions and high-performance the ICs were designed to deliver. Another goal of the program is the development of design tools that would become widely available so that hardware-anchored security would eventually become a standard feature of ICs in both Defense Department and commercial electronic systems.
The security architecture may incorporate concepts like cryptography, metadata tagging, formal verification, verified state matching, anomalous state detection, secure multi-party computing, semi-homomorphic computing, and security through compartmentalization. Security architectures will be instantiated in custom hardware to demonstrate the security of the resulting systems as well as to evaluate the impact of securitization on the performance, power, area, software compatibility, and security (PPAS) of resulting systems.
In addition to the PPAS impact, SSITH will also evaluate the scalability, flexibility, and adaptability of the security architectures developed in the program. Scalability will be needed to apply across a broad range of applications from small, ultra-low power systems to large, high performance systems. Flexibility will be needed to ensure responsiveness of hardware security to evolving system threats. Adaptability will allow hardware systems to respond to detected attacks. Architectures and design tools developed through this program will provide flexible solutions applicable to DoD and commercial electronic systems, DARPA officials say.
This SSITH BAA is soliciting proposals in two technical areas:
Technical Area 1 (TA-1) will develop scalable, flexible, and adaptable integrated circuit security architectures that can be easily implemented in DoD and commercial SoCs.
The key elements are to develop and demonstrate one or more security architectures that can be used to protect electronics systems from software assisted attacks, develop design tools required to implement the chosen security architectures in arbitrary circuit designs and evaluate the impact of the security architecture implementation on key circuit metrics.
Technical Area 2 (TA-2) will establish a methodology for evaluating the security provided by the architectures developed in TA-1.
The focus of TA-2 is to develop a methodology and metrics by which to measure secure electronic systems. Specifically, TA-2 teams are intended to develop quantitative metrics required to evaluate trade-offs in security, performance, power, area and other standard circuit metrics. In addition, TA-2 teams are intended to establish a framework that enables representation of hardware/firmware security properties to overall system designers.
Out of Scope Technical Areas
The SSITH BAA will not focus on attacks that are not mediated through software access to the hardware. Although other areas of security are important, SSITH will focus on hardware vulnerabilities that are exploited through software to define achievable goals in a limited, but critical, part of the overall cybersecurity enterprise.
Examples of out of scope topics are:
1. Development of physical elements of hardware security such as Physically Unclonable Functions (PUF) and Random Number Generators (RNG). Physical elements can be used as a part of a SSITH proposal, but SSITH will not fund their development.
2. Protection against hardware-only vulnerabilities such as EM side-channel attacks or insertion of hardware Trojans during design and/or fabrication.
3. Vulnerabilities that occur exclusively in the software domain, such as insecure interaction between software components or cross-site request forgeries.
Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., announced a $9.9 million contract modification to Galois in March 2019 for the System Security Integrated Through Hardware and firmware (SSITH) program. The modification to Galois increases the company’s DARPA SSITH contract, awarded originally on 7 Dec. 2017, to $16.6 million. Galois is one of nine defense companies and colleges involved in the SSITH trusted computing project.
As part of this program, Galois is working to develop baseline processors from which security improvements will be measured, port and support baseline operating systems and compilers for those CPUs and develop a demonstration application for secure hardware. DARPA recently announced that Galois will be developing a voting system as the demonstration vehicle for this secure system, built with fully open source hardware and software. While the voting system is not intended for production, it serves as an important demonstration of how DARPA technology can be used for a critical infrastructure system.
Secure hardware needs to become an industry mandate. All too often companies take shortcuts in design assurance and secure design, trying to meet certain performance, area, speed and cost requirements. In addition to Galois, the other SSITH contractors are Lockheed Martin Corp. Rotary and Mission Systems segment in Owego, N.Y.; The Charles Stark Draper Laboratory in Cambridge, Mass.; SRI International in Menlo Park, Calif.; Cornell University in Ithaca, N.Y.; University of California-San Diego in La Jolla, Calif.; Columbia University in New York City; Massachusetts Institute of Technology (MIT) in Cambridge, Mass.; and University of Michigan in Ann Arbor, Mich.
The nine SSITH contractors are developing architectures and design tools that enable system-on-chip (SoC) designers to safeguard hardware against all seven known common weakness enumeration (CWE) classes of hardware vulnerabilities that hackers can exploit through software.
Galois Awarded $4.5 Million DARPA Contract for evaluating the security provided by the architectures
Earlier, Galois was awarded a multi-year contract by the Defense Advanced Research Projects Agency (DARPA) Microsystems Technology Office (MTO) to develop tools and methodologies that enable provable security for hardware used in a broad range of consumer, business, and government products. Phase I of the award will amount to up to $4.5 million, dependent on successful completion of milestones.
To measure the effectiveness of such hardware security protection, Galois’s BESSPIN (Balancing Evaluation of System Security Properties with Industrial Needs) project aims to develop a set of security metrics, a framework for expressing and reasoning about hardware security, and a methodology in which metrics drive decision making during the design of secure systems.
“While there is so much focus today on developing secure software, even the most hardened software becomes flawed if wrapped around vulnerable hardware,” said Joe Kiniry, Principal Scientist, Galois. “BESSPIN aims to re-imagine traditional security approaches so that organizations can make evidence-based hardware and firmware design trade-offs between security and other characteristics such as performance, power, and area.”
BESSPIN seeks to generate powerful new hardware security assurance capabilities for CPU and semiconductor vendors, hardware manufacturers, and the DoD. For example, a company might state that they have thought hard about memory errors such as buffer overflow, and that their new hardware architecture has been designed to prevent them. BESSPIN aims to enable the objective evaluation of that claim against the company’s actual product.
DARPA MTO is focused on creating and preventing strategic surprise through investments in compact microelectronic components such as microprocessors, microelectromechanical systems (MEMS), and photonic devices. BESSPIN’s salient contributions for this DARPA MTO project aim to be:
- A set of quantitative metrics that would support practical measurement of security property compliance, enabling objective trade-offs between security and other system properties;
- A framework in which security architectures and their properties could be expressed and reasoned about, both at the abstract (model) level and the concrete (product) level;
- A methodology in which metrics drive decision-making during the design of secure systems; and a tools suite that would permit hardware designers in industry to specify and reason about hardware architectures and their correctness and security properties as a part of their normal design flow.
The team selected for this project, which includes Galois and partners Bluespec and Reduced Energy Microsystems (REM), includes experts in formal methods, programming and hardware design languages, hardware design and EDA tooling, and system architecture.
As a part of the SSITH program, it is the goal of the BESSPIN team to reason about the correctness and security of three different RISC-V secure CPUs from up to eight different SSITH teams through three releases—potentially adding up to 72 CPUs in all. These CPUs would use a wide variety of techniques to ensure system security, and aim to be written in multiple hardware design languages including SystemVerilog, Bluespec, and Chisel. The BESSPIN tools that Galois develops must accommodate this enormous range of techniques and technologies.
DARPA awards University of Michigan Team
DARPA awarded a $3.6 million grant to a University of Michigan team in 2017 with the goal of building an “unhackable” processor under the SSITH program. Todd Austin, U-M professor of computer science and engineering, leads the project, called MORPHEUS. MORPHEUS outlines a new way to design hardware so that information is rapidly and randomly moved and destroyed. The technology works to keep attackers from the critical information they need to construct a successful attack. It could protect both hardware and software.
“We are making the computer an unsolvable puzzle,” Austin said. “It’s like if you’re solving a Rubik’s Cube and every time you blink, I rearrange it.” In this way, MORPHEUS could protect against future threats that have yet to be identified, a dreaded vulnerability that the security industry called a “zero day exploit.” “What’s incredibly exciting about the project is that it will fix tomorrow’s vulnerabilities,” Austin said. “I’ve never known any security system that could be future proof.”
Austin said his approach could have protected against the Heartbleed bug discovered in 2014. Heartbleed allowed attackers to read the passwords and other critical information on machines. “Typically, the location of this data never changes, so once attackers solve the puzzle of where the bug is and where to find the data, it’s ‘game over,’” Austin said.
Under MORPHEUS, the location of the bug would constantly change and the location of the passwords would change, he said. And even if an attacker were quick enough to locate the data, secondary defenses in the form of encryption and domain enforcement would throw up additional roadblocks. The bug would still be there, but it wouldn’t matter. The attacker won’t have the time or the resources to exploit it. “These protections don’t exist today because they are too expensive to implement in software, but with DARPA’s support we can take the offensive against attackers with new defenses in hardware and implement them with virtually no impact to software,” Austin said.
The processor — which changes its own microarchitecture every few milliseconds — was tested by hundreds of professional hackers in 2020, over the course of four months, in a DARPA security challenge. None of them were able to breach the system. During the tests, the Morpheus system was utilized to protect a mock medical database with software vulnerabilities. Not a single attack penetrated the system.
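A toy software model of the moving-target idea described above, added here as an illustration and not taken from the MORPHEUS project or its hardware design: pointers are kept sealed under an epoch key, and each churn re-keys and relocates every object, so a pointer value leaked in one epoch faults when replayed in the next. The class and function names, the HMAC tag standing in for domain enforcement, and the sample secret are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets


class SecurityFault(Exception):
    """Raised when a sealed pointer fails its integrity (domain) check."""


class ChurnMachine:
    """Hypothetical model: sealed pointers plus periodic re-key and relocation."""

    def __init__(self):
        self.epoch = 0
        self._key = secrets.token_bytes(16)   # per-epoch secret, never exposed
        self._memory = {}                     # real address -> value
        self._handles = {}                    # object name -> sealed pointer

    def _pad(self):
        # Key-derived mask that hides the real address inside a sealed pointer.
        return int.from_bytes(hashlib.sha256(self._key + b"pad").digest()[:4], "big")

    def _tag(self, addr):
        # Keyed tag binding the address to the current epoch (assumed stand-in
        # for the domain enforcement the article mentions).
        return hmac.new(self._key, addr.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

    def _seal(self, addr):
        return (addr ^ self._pad(), self._tag(addr))

    def _unseal(self, sealed):
        masked, tag = sealed
        addr = masked ^ self._pad()
        if not hmac.compare_digest(tag, self._tag(addr)):
            raise SecurityFault("stale or forged pointer")
        return addr

    def _fresh_addr(self):
        while True:
            addr = secrets.randbelow(2 ** 32)
            if addr not in self._memory:
                return addr

    def store(self, name, value):
        addr = self._fresh_addr()
        self._memory[addr] = value
        self._handles[name] = self._seal(addr)

    def pointer(self, name):
        """Sealed pointer as legitimate code (or an info-leak bug) would see it."""
        return self._handles[name]

    def load(self, sealed):
        return self._memory[self._unseal(sealed)]

    def churn(self):
        """Re-key, move every object to a new random address, drop the old layout."""
        plain = {name: self._unseal(s) for name, s in self._handles.items()}
        old_memory, self._memory = self._memory, {}
        self._key = secrets.token_bytes(16)
        self.epoch += 1
        for name, addr in plain.items():
            new_addr = self._fresh_addr()
            self._memory[new_addr] = old_memory[addr]
            self._handles[name] = self._seal(new_addr)


def replay_after_churn():
    """Leak a sealed pointer in epoch 0, then replay it after one churn."""
    machine = ChurnMachine()
    machine.store("password_db", "constructed-secret")  # constructed sample value
    leaked = machine.pointer("password_db")             # what a leak would reveal
    same_epoch = machine.load(leaked)                   # still valid before churn
    machine.churn()
    try:
        machine.load(leaked)
        replay = "succeeded"
    except SecurityFault:
        replay = "fault"
    legit = machine.load(machine.pointer("password_db"))  # program keeps working
    return same_epoch, replay, legit


if __name__ == "__main__":
    print(replay_after_churn())
```

The software bug that leaked the pointer is untouched in this model; what changes is that the leaked value has a lifetime of one epoch, which is the property the article attributes to MORPHEUS.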
The goal of the FETT program was to test new hardware-based security systems that could protect data against common hardware vulnerabilities typically exploited by software. The FETT program also tested systems by MIT, Cambridge University, and Lockheed Martin, meaning that many of the world’s best minds are building systems aimed at securing future databases against malicious hackers.
According to the University of Michigan statement, the one trade-off for end-users is the fact that the Morpheus system runs approximately 10 percent slower than equivalent systems. However, the team explained that it aims to refine the system to make it faster in the future.
Tortuga Logic to Develop Project to Create World’s First Hardware Security Solution for Emulation Platforms
The Defense Advanced Research Projects Agency has contracted Tortuga Logic to develop hardware security tools that use commercial testing platforms to catch vulnerabilities in computer chips before they are deployed, the firm announced. The goal of the contract, awarded by the Pentagon’s R&D arm, is to prevent a repeat of Meltdown and Spectre, the security vulnerabilities revealed in January that affected virtually all modern computer chips.
Tortuga Logic, a hardware security company with technology that identifies security vulnerabilities in semiconductor designs, today announced that it has received a contract from the Defense Advanced Research Projects Agency (DARPA) to develop additional hardware security solutions. Specifically, this effort is based around integrating Tortuga Logic’s patented hardware security models with commercial emulation platforms, which are electronic systems used by hardware designers in the final stages of verification to fully test an entire chip design running a full software stack.
The resulting products are intended to be used by hardware designers to enhance their ability to find security vulnerabilities in their designs prior to chip fabrication or Field-Programmable Gate Array (FPGA) deployment. The project will be led by Dr. Jason Oberg, Tortuga Logic’s CEO and co-founder. “More than ever, hardware designers need solutions to identify security vulnerabilities throughout the chip design lifecycle, rather than post-fabrication or post-deployment. This contract with DARPA will allow Tortuga Logic to integrate our patented information flow technology with commercial emulation platforms, completing a full end-to-end design suite dedicated to security verification,” says Dr. Oberg.
As part of the effort, participants of the DARPA “System Security Integrated Through Hardware and Firmware” (SSITH) program will receive early access to the resulting security solution for emulation platforms. The goal of the SSITH program is to develop hardware design architectures and techniques to strengthen the security of systems used in commercial and defense electronic applications. Tortuga Logic’s current product line and the aforementioned security solution for emulation platforms will be made available to enhance the work performed by all SSITH participants.
Tortuga Logic’s current product line consists of two software suites, entitled Prospect and Unison. Both products have been adopted within the semiconductor industry, as well as the Aerospace and Defense industry. Now, Tortuga Logic is focusing on extending their product portfolio with the aforementioned security solution for emulation platforms. While the research and resultant product can be ported to any commercial emulation platform, the project will use the Palladium platform from Cadence Design Systems. The project will also utilize the emerging RISC-V processor architecture and sample design for initial prototyping and testing. RISC-V is gaining popularity in many market verticals and will be used as the baseline design for many of the SSITH participants, making it a suitable architecture to validate the functionality of the final security emulation platform.
DARPA Finding Exploits to Thwart Tampering (FETT) Bug Bounty Capture-the-Flag Qualifier
DARPA’s System Security Integration Through Hardware and Firmware (SSITH) program focused on bolstering the security of electronic systems by developing hardware security architectures and tools that protect against common classes of hardware vulnerabilities exploited through software.
To help harden the SSITH hardware security protections in development, DARPA is hosting its first ever bug bounty program called the Finding Exploits to Thwart Tampering (FETT) Bug Bounty. FETT aims to utilize hundreds of ethical researchers, analysts, and reverse engineers to deep dive into SSITH’s hardware architectures and uncover potential vulnerabilities or flaws that could weaken their defenses. Once bounty hunters spot software bugs, security flaws and other potential vulnerabilities, they are passed on through a disclosure framework. Developers can then apply those findings to plug security gaps.
“FETT will open SSITH’s hardware security protections to a global community of ethical researchers with expertise in hardware reverse engineering to detect potential vulnerabilities, strengthen the technologies and provide a clear path to disclosure,” said Keith Rebello, DARPA’s program manager leading the security effort.
Synack is running a Capture-the-Flag (CTF) qualifier for any hacker, reverse engineer, or cybersecurity enthusiast interested in gaining access to the SSITH defenses and participating in the FETT Bug Bounty. Security researchers that are not currently Synack Red Team (SRT) members have an opportunity to earn a Technical Assessment ‘Fast Pass’ to join the SRT through the CTF event. Successful qualifiers will be required to complete Synack’s legal verification steps prior to gaining admission to FETT.
DARPA said in June 2020 that its approach differs from other bug bounty efforts by including a holistic “red teaming” approach, so-called because a separate group of ethical hackers provides an adversarial perspective meant to challenge assumptions, overcome bias and ultimately provide better solutions. The bug bounty effort also will look beyond traditional software code evaluation by providing red team members with hardware instances. Security researchers will be given access to cloud-based emulations. Those FPGA-based emulations include a RISC-V processor core modified to include hardware security protections developed under the SSITH program. The accompanying software stack includes known vulnerabilities, including buffer, configuration and resource management errors, along with SSITH hardware protections.
“Security researchers will be tasked with devising novel exploit mechanisms to bypass the hardware security protections and sharing their findings through the established disclosure process,” the agency said. Since the DARPA program was launched, university and industry security researchers have explored different hardware design approaches. Among their conclusions was the need for techniques that provide more information to hardware about specific software tasks. The hope is a hardware-centric security approach can improve defenses while guarding against accidental and malicious vulnerabilities. Bounty hunters also will focus on application frameworks used for sensitive systems like medical records databases, password authentication systems and other platforms that incorporate SSITH hardware defenses.
SSITH teams came up with RISC-V-based architectures meant to render such exploits impossible. These were then emulated using FPGAs. A full stack of software including a bunch of apps known to be vulnerable ran on the FPGA. They also allowed outsiders to add their own vulnerable applications. The Defense Department then loosed hackers upon the emulated systems using a crowdsourced security platform provided by Synack in a bug bounty effort called Finding Exploits to Thwart Tampering (FETT).
“Our research teams have been developing novel methods to stop buffer errors, privilege escalations, resource management attacks, information leakage attacks, numeric errors, code injection attacks, and cryptographic attacks. This approach has shown promising results with minimal impact to power, performance, chip area, and software compatibility. These architectural techniques can be incorporated into the entire range of computer hardware and scale from IoT endpoints to mobile phones to advanced servers and, ultimately, to supercomputers,” said Keith Rebello.
“Knowing that virtually no system is unhackable, we expected to discover bugs within the processors. But FETT really showed us that the SSITH technologies are quite effective at protecting against classes of common software-based hardware exploits,” said Rebello, in a press release. “The majority of the bug reports did not come from exploitation of the vulnerable software applications that we provided to the researchers, but rather from our challenge to the researchers to develop any application with a vulnerability that could be exploited in contradiction with the SSITH processors’ security claims. We’re clearly developing hardware defenses that are raising the bar for attackers.”
Of the 10 vulnerabilities discovered, four were fixed during the bug bounty, which ran from July to October 2020. Seven of those 10 were deemed critical, according to the Common Vulnerability Scoring System 3.0 standards. Most of those resulted from weaknesses introduced by interactions between the hardware, firmware, and the operating system software. For example, one hacker managed to steal the Linux password authentication manager from a protected enclave by hacking the firmware that monitors security, Rebello explains.
In the program’s third and final phase, research teams will work on boosting the performance of their technologies and then fabricating a silicon system-on-chip that implements the security enhancements. They will also take the security tech, which was developed for the open-source RISC-V instruction set architecture, and adapt it to processors with the much more common Arm and x86 instruction set architectures. How long that last part will take depends on the approach the research team took, says Rebello. However, he notes that three teams have already ported their architectures to Arm processors in a fraction of the time it took to develop the initial RISC-V version.
The FETT bug bounty program also includes vulnerable applications like a web-based voter registration system. DARPA hopes to demonstrate that hardware defenses can shield underlying voter information from hackers despite the presence of software vulnerabilities. The goal is “to show how SSITH technologies could help protect critical infrastructure, and potentially prevent the erosion of trust in things like our election process or healthcare systems,” said Rebello.
DARPA Makes FETT Bug Bounty Platform Open Source
After conducting its first bug bounty program in 2020, the Defense Advanced Research Projects Agency (DARPA) announced in July 2021 that it is open sourcing the Finding Exploits to Thwart Tampering (FETT) Bug Bounty evaluation platform.
DARPA said its FETT Bug Bounty program “proved the value of the secure hardware architectures developed under [DARPA’s] System Security Integration Through Hardware and Firmware (SSITH) program while pinpointing critical areas to further harden defenses.”
“We see value in making this research available to the broader [research and development] community for testing and evaluating processor designs to ensure they are robust and secure,” said Keith Rebello, the DARPA program manager leading SSITH. “Our aim is for researchers and developers to leverage the SSITH security evaluation framework to help create a common security benchmark that can be used to compare secure processor designs.”
The bug bounty program involved more than 580 cybersecurity researchers and 13,000 hours of hacking exploits. The FETT Bug Bounty was the result of a partnership between DARPA, the Department of Defense’s (DoD) Defense Digital Service, which is a SWAT-style tech team within the DoD, and Synack, a crowdsourced security platform.
Included in the open sourcing of the FETT evaluation platform is the back-end management of emulated systems like the ones used to test and evaluate the SSITH processors and the user-facing front-end components. Also available via the open source repository are the evaluation tools used for testing processor power, performance, area, and security, as well as those used for specifying and reasoning about security properties.
In addition to the FETT evaluation platform, DARPA is open sourcing the baseline reduced instruction set computer version five (RISC-V) processor designs used by the SSITH program. DARPA noted that while these designs do not include the SSITH secure architectures, they do “provide a jumping-off point for developers that are exploring novel hardware protections and are interested in a means of evaluating them in a virtual environment.”