Viewing entries tagged
game theory

GOMAC 2022: Four more papers!

The team has done it again! Last year we presented three papers at GOMAC, and this year, we’ll be presenting four! The whole team has put so much effort into this research, and we can’t wait to show off our achievements. GOMAC will be hosted in Miami, so the team hopes to thaw out a bit from winter in addition to giving great presentations on our latest work. Take a look below to learn more about what we’ll discuss.  Come out and see us in our first in-person conference in 2 years!

-----

Modernizing FPGA Design Assurance Software

Jonathan Graf, Scott Harper, Ali Asgar Sohanghpurwala, Edward Carlisle IV

Abstract: This paper presents five key principles for modern FPGA design assurance tools: verification, auditing, quantification, automation, and interoperability. We claim these principals are mandatory for such tooling and explore three hardware design assurance software tools in this context – DELV, Trace, and PV-Bit. Our conclusion is that it is possible to create tools that follow the principles and that adherence to these principles quantifiably impacts design assurance.

-----

Advancing Strategy Selection for Hardware Trojan Detection with Subrational Behavior Models

Whitney Batchelor, Meg Winslow, Cody Crofford, Michael Blacconiere, Scott Harper, Jonathan Graf

Abstract: Game theory has been shown to have practical applications in the optimization of hardware Trojan detection and prevention strategy selection in circuit design. In previous work, metrics measuring the performance and cost of a countermeasure when considering the action of an adversary given their goals are quantified to predict optimal defense strategy selections. Those models assume an encounter between two rational players and build upon a security economic approach in the context of empirically derived countermeasure efficacy metrics. That is, both offensive and defensive players act in a rational manner, choosing the action resulting in their greatest financial gain (or lowest loss) when considering the likely action of their opponent. The assumption of rational players allows for a baseline analysis when optimizing detection strategy selection but does not consider human behaviors that may drive a sub-optimal decision. These behaviors may result from having risk adverse/seeking players, carrying bias towards certain methods, understanding the results from prior attacks and defensive mechanisms, and/or additional motivations. In this paper, we extend the rational game theoretic model previously evaluated in the quantitative assurance space with the concept of subrationality; that is, when the players have the option of making an informed but less optimal choice due to some definable bias. This work introduces three subrational models that simulate risk adverse and risk seeking players, knowledge of prior play, and random error with application to the previously developed models pertaining to the optimal selection of hardware Trojan detection strategies.

-----

Trace: Towards a Traceable Microelectronics Implementation Flow

Ali Asgar Sohanghpurwala, Carlton Fraley, Jonathan Graf, Scott Harper

Abstract: Microelectronics design processes often include implementation flows that perform incremental steps to convert human-readable source code or schematics into a binary executable or hardware circuit that can be deployed on the desired Microprocessor, FPGA, PCB, or ASIC technology. Available tools help users partially verify the output of these implementation flows, but a gap exists in assuring and preserving the integrity of those output products along with the source code and implementation settings that were used to produce them. Ideally, a security auditor should be able to prove or disprove the trustworthiness of specific design implementations deployed in the face of an advanced adversary. What is proposed here is progression towards a fully traceable and reproducible implementation flow that uses proven cryptographic principles to enable a tamper-resistant audit trail for Microelectronic design implementation along with companion tools for auditing and precisely reproducing the implementation process.

-----

Automated Analysis of a Thermally Triggered FPGA Hardware Trojan

Edward Carlisle IV, Scott Harper, James Koiner, Kevin Paar, Michael Capone, and Jonathan Graf

Abstract: This paper presents a remote hardware-in-the-loop Hardware Trojan Horse (HTH) analysis approach that automates the process of examining HTH effects and characterizing detection/mitigation effectiveness. We frame the discussion around a novel HTH that is triggered by variations in temperature and is implemented in the fabric of a Field Programmable Gate Array device. We demonstrate the characterization and activation of the HTH using a fully automated web-based lab bench platform.

HaSS: “A practical application of game theory to optimize selection of hardware Trojan detection strategies”

HaSS: “A practical application of game theory to optimize selection of hardware Trojan detection strategies”

This Christmas, Graf Research Corporation celebrates the gift of having a new paper published in the Journal of Hardware and Systems Security! The paper is entitled “A practical application of game theory to optimize selection of hardware Trojan detection strategies.” Paper contributors included Jonathan Graf, Whitney Batchelor, Scott Harper, Ryan Marlow, Ed Carlisle, and Peter Athanas. The paper will appear in the journal next week, so be on the lookout for it!

And of course, Happy Holidays and Happy New Year to all!

-----

A practical application of game theory to optimize selection of hardware Trojan detection strategies

Jonathan Graf, Whitney Batchelor, Scott Harper, Ryan Marlow, Edward Carlisle IV, and Peter Athanas

Abstract: A wide variety of Hardware Trojan countermeasures have been developed, but less work has been done to determine which are optimal for any given design. To address this, we consider not only metrics related to the performance of the countermeasure, but also the likely action of an adversary given their goals. Trojans are inserted by an adversary to accomplish an end, so these goals must be considered and quantified in order to predict these actions. The model presented here builds upon a security economic approach that models the adversary and defender motives and goals in the context of empirically derived countermeasure efficacy metrics. The approach supports formation of a two-player strategic game to determine optimal strategy selection for both adversary and defender. A game may be played in a variety of contexts, including consideration of the entire design lifecycle or only a step in product development. As a demonstration of the practicality of this approach, we present an experiment that derives efficacy metrics from a set of countermeasures (defender strategies) when tested against a taxonomy of Trojans (adversary strategies). We further present a software framework, GameRunner, that automates not only the solution to the game but also mathematical and graphical exploration of “what if” scenarios in the context of the game. GameRunner can also issue “prescriptions,” a set of commands that allows the defender to automate the application of the optimal defender strategy to their circuit of concern. Finally, we include a discussion of ongoing work to include additional software tools, a more advanced experimental framework, and the application of irrationality models to account for players who make subrational decisions.

Graf Research Awarded SBIR: "Optimal 3rd-Party IP Assessment"

Graf Research has been awarded an SBIR to produce one or more ASIC and FPGA hardware 3rd-Party IP (3PIP) assessment techniques, a set of technologies we collectively refer to as GR-3PIP. The techniques must accomplish the goal of establishing trust in the 3PIP under test, but we apply additional requirements. We require that the techniques (1) do not add significant cost to the core, (2) do not require extensive time to apply, and (3) do not require extensive verification or reverse engineering expertise to use.

aiQ0yE8l.png

Graf Research Awarded Contract to Interface OpTrust Tools

Graf Research has been awarded a contract to create interfaces between our OpTrust software, which creates game-theory-based prescriptions for optimal hardware Trojan detection, and a prime contractor's custom electronic design automation tools. 

Graf Research Awarded SBIR: "Optimal Strategies for Cloud-Based Trust Assessment"

Graf Research has been awarded a Phase 1 SBIR to research and develop optimal strategies for cloud-based trust assessment. We anticipate creating not only a novel cloud architecture that can facilitate the use of many of the DARPA-sponsored custom microelectronics trust software tools but also a unique, cloud-hosted software product OpTrust-C which will devise optimal strategies for the proper implementation of defensive measures.

150 SBIR Logo.png

IEEE NAECON 2016: "System-Level Adversary Attack Surface Modeling for Microelectronics Trust"

Continuing our publication of the applications of Game Theory to various levels of trust assessment, we discuss system-level applications in our IEEE NAECON 2016 paper. Come on out and see our presentation!

-----

Towards System-Level Adversary Attack Surface Modeling for Microelectronics Trust
Jonathan Graf

Abstract: Models of trust for microelectronic systems are difficult to create due to the large variety of adversarial strategies available. Building on previous work, we present a new adversary model that considers the large heterogeneous attack surface that is realistically available on a diverse microelectronic system. We also present an expanded game theoretic model that permits reasoning about optimal adversarial and defensive strategies across this varied attack surface.

 

GOMAC 2016: "Optimal Hardware Trojan Detection through Security Economics and Game Theory"

We're going to GOMAC this year to present our paper, "Toward Optimal Hardware Trojan Detection through Security Economics and Game Theory."  Come on out to see us!

——-

Toward Optimal Hardware Trojan Detection through Security Economics and Game Theory

Jonathan Graf

Abstract: We present a security economic model that informs the optimal selection of hardware Trojan detection strategies.  Our model accurately represents the economics and efficacy of available verification and Trojan detection methods and accounts for the varieties of available hardware Trojans.  Paired with game theoretic analysis, this model informs ASIC/FPGA designers and associated policy makers of optimal defensive strategies.