Viewing entries in
Research paper

Graf Research at GOMAC 2018

Scott Harper from Graf Research will be attending GOMAC 2018 in Miami from March 12-15.  Our very own Scott Harper and Tim Dunham are co-authors on "Malicious Trigger Discovery in FPGA Firmware."  Make sure to say hello to Scott!

XSWG 2017: "Irrefutable Tamper Logging through FPGA Key Management"

Graf Research will be presenting our work on “Irrefutable Tamper Logging through FPGA Key Management” at both US Xilinx Security Working Groups: Longmont, Colorado (Oct 17-19) and Herndon, Virginia (Nov 7-9).   Co-authors include Jonathan Graf and Ali Asgar Sohanghpurwala from Graf Research and Matthew French and Dr. Andrew Schmidt from USC-ISI.  Register for the conference and come see us!

IEEE NAECON 2017: "Formal Enforcement of Mission Assurance Properties in Cyber-Physical Systems"

Graf Research and Georgia Tech are publishing and presenting our research on "Formal Enforcement of Mission Assurance Properties in Cyber-Physical Systems" at IEEE NAECON 2017.  Come out and see our presentation!

Formal Enforcement of Mission Assurance Properties in Cyber-Physical Systems
Scott Harper, Jonathan Graf, Michael A. Capone, Justin Eng, Michael Farrell, Lee W. Lerner

Abstract— Cyber-Physical Systems improve efficiency, accuracy, and access in systems ranging from household appliances to power stations to airplanes. They also bring new risks at the intersection of physical, information, and mission assurance. This paper presents CP-SMARTS, a framework providing a means for propagating CPS assurances from planning to deployment.

georgia tech.png
150 2017LogoResolution.jpg

Graf Research and USC-ISI Publish Research Results

Graf Research and the University of Southern California's Information Sciences Institute have published our work on “Irrefutable Tamper Logging through FPGA Key Management” at the 2017 DoD Anti-Tamper Conference.  Co-authors include Jonathan Graf and Ali Asgar Sohanghpurwala from Graf Research and Matthew French and Dr. Andrew Schmidt from USC-ISI.


GOMAC 2017: "Private Verification for FPGAs" and "OpTrust"

Graf Research will present two papers at GOMAC 2017.  The first is on the private verification of FPGA bitstreams: a method for verifying that bitstream contents are trustworthy without reverse engineering them.  The second is on OpTrust, the software tool that encapsulates our game theoretic decision engine for microelectronics trust.


Private Verification for FPGA Bitstreams
Jonathan Graf and Ali Asgar Sohanghpurwala

Abstract: We introduce private verification, a novel paradigm for trustworthy microelectronics design verification. Private verification methods and software simultaneously meet two requirements: (1) comprehensively verifying the design and (2) maintaining the privacy of certain aspects of the design, such as its implementation details or design format. We present an implementation of such a tool, entitled PV-Bit, which is capable of verifying the contents of FPGA bitstreams without exposing the details of the vendor-proprietary bitstream format or posing other security risks.


OpTrust: Software for Determining Optimal Test Coverage and Strategies for Trust
Jonathan Graf

Abstract: Building on our prior work in the theory and practice of applying game theory to determine optimal test strategies for hardware Trojan detection, we present the OpTrust software tool. OpTrust is an automated game solving tool that offers microelectronics developers guidance about the optimal test strategies to ensure the trustworthiness of their designs. It divides roles among a red team, a threat environment team, and the developer. In this way, complexity and sensitive information are hidden from developers, allowing them easy access to test guidance.

IEEE NAECON 2016: "System-Level Adversary Attack Surface Modeling for Microelectronics Trust"

Continuing our publication of the applications of Game Theory to various levels of trust assessment, we discuss system-level applications in our IEEE NAECON 2016 paper.  Come on out and see our presentation!

Towards System-Level Adversary Attack Surface Modeling for Microelectronics Trust
Jonathan Graf

Abstract—Models of trust for microelectronic systems are difficult to create due to the large variety of adversarial strategies available. Building on previous work, we present a new adversary model that considers the large heterogeneous attack surface that is realistically available on a diverse microelectronic system. We also present an expanded game theoretic model that permits reasoning about optimal adversarial and defensive strategies across this varied attack surface.


IEEE HOST 2016: "Trust Games"

We are continuing to publish our research on the use of Game Theory to optimize hardware Trojan detection processes in our paper at IEEE HOST 2016.  Make sure to come by and chat with us!


Trust Games: How Game Theory Can Guide the Development of Hardware Trojan Detection Methods

Jonathan Graf

Abstract—The development of circuit testing and verification methods is commonly driven by formal analysis centered on an abstract mathematical model of the error or defect the method is designed to detect. Hardware Trojans, however, confound attempts to develop simple representative models due to the varieties of their physical embodiments in a circuit and the creative nature of a rational human adversary. Since it is nonetheless desirable to have a mathematical framework for determining the effectiveness of hardware Trojan detection methods, we present a game theoretic framework for so doing. Modeling the Trojan maker and detection method designer as opposing players in a 2-person strategic game is a necessary step in our process. However, the ultimate utility of the approach depends on an accurate security economic model of both players that can correctly consider the players’ incentives, empirically-derived detection method efficacy metrics, a comprehensive taxonomy of hardware Trojans, and the places in the design cycle of the circuit where the Trojan insertion and detection occur. In this paper, we present such a security economic model and the resulting game, which we call the Trust Game. We illustrate the value of this game primarily in the context of how it may guide the development of new hardware Trojan detection methods. We solve a representative game, illustrating the value of two common solution concepts, the iterated elimination of dominated strategies and Nash equilibrium. We further show that this framework has utility to both of the opposing players in the game. Finally, we recommend the development of standardized Trust Games that can be used to quickly measure the efficacy of both new hardware Trojans and hardware Trojan detection methods.

GOMAC 2016: "Optimal Hardware Trojan Detection through Security Economics and Game Theory"

We're going to GOMAC this year to present our paper, "Toward Optimal Hardware Trojan Detection through Security Economics and Game Theory."  Come on out to see us!

Toward Optimal Hardware Trojan Detection through Security Economics and Game Theory

Jonathan Graf

Abstract: We present a security economic model that informs the optimal selection of hardware Trojan detection strategies.  Our model accurately represents the economics and efficacy of available verification and Trojan detection methods and accounts for the varieties of available hardware Trojans.  Paired with game theoretic analysis, this model informs ASIC/FPGA designers and associated policy makers of optimal defensive strategies. 

Keywords: Trust, Hardware Trojan, Hardware Security, ASIC, FPGA, Security Economics, Game Theory