PORTLAND, Ore. — Nine universities, from a field of more than 50 applicants, have been chosen to receive $4 million over three years to develop Secure, Trustworthy, Assured, and Resilient Semiconductors and Systems. The STARSS program is supported by the National Science Foundation (NSF) and the Semiconductor Research Corporation (SRC) as well as SRC member companies Intel, Freescale, and Mentor Graphics.
The STARSS program is part of a $75 million cyber security effort by the NSF, but is unique in that it is aimed at making the chips themselves -- especially processors -- immune from being exploited by hackers who take advantage of hidden Trojan horses and backdoors that are intentionally or unintentionally inserted into chips by intellectual property (IP) often from foreign sources. The effort will also make it easier to spot counterfeit chips, chips having been tampered with somewhere along the supply chain, and used chips being passed off as new.
"NFS and SRC are initially funding nine projects [listed below] with $4 million in a multi-phase project that will likely spend $10 million over several years," Keith Marzullo, division director of NSF’s Computer and Network Systems Division, which leads the NSF/SRC partnership on STARSS, told EE Times. "And STARSS is part of a larger effort -- the Secure and Trustworthy Cyberspace (SaTC) project -- which will be spending $45 million the first year and as much as $75 million over the next few years."
Since securing chips from hackers is a mostly unplowed field, the first call generated a lot of proposals that had to be carefully weeded out by the NSF and SRC committee review process.
Secure embedded systems test platform from Virginia Tech is for tamper resistance research, especially intentional fault injection into microprocessor hardware. Virginia Tech's FAME (Fault-attack Awareness using Microprocessor Enhancements) aims to defend micro-controllers against malicious fault injection using elaborate tamper-sensitivity analysis.
(Image: Jim Stroup / Virginia Tech)
"We are going to be doing a lot of blue sky work at first," Celia Merzbacher, SRC vice president for Innovative Partnerships, told us. "But we want to concentrate right now on counterfeit detection, assurance, looking for Trojans, and verification of the security of chips."
STARSS is also a part of SRC’s Trustworthy and Secure Semiconductors and Systems (T3S) program.
"STARSS will be a cornerstone to our T3S effort at designing-in security and assurance right from the beginning of the process," says Merzvbacher. "We want to design in resistance and resilience to both attacks and tampering."
Most of the concentration will be on hardware issues, but since software has become such an integral part of most processors, that issue will also be addressed, particularly at the interfaces between subsystems, which are often vulnerable because they are controlled by software.
"We are mostly doing hardware, but software has to be considered too, when it comes to security and trustworthiness. At a recent workshop, over and over the issue of interfaces between hardware and software was brought up as especially vulnerable, along with authentication along the supply chain," says Merzbacher.
The first round of awards went to nine university projects.
If you think you have a better idea, or one that fills in a hole left by the programs above, the NSF is currently sponsoring a second round of funded projects. Just fill out the paperwork for its Secure and Trustworthy Cyberspace (SaTC) program today.
— R. Colin Johnson, Advanced Technology Editor, EE Times