News and Events
On June 19, Jonathan Graf delivered an invited lecture to the National Academy of Sciences, Engineering, and Medicine at their Washington, DC headquarters. The topic was our research in the use of game theory to optimize the selection of microelectronics security techniques.
Congratulations to our Graduate Intern, Steven Fredericksen, whose Virginia Tech team won MITRE's Embedded Capture-the-Flag contest, a test of both offensive and defensive techniques for embedded systems security. Steven and his team beat out teams from 10 other universities, including MIT, Nebraska, and others. Nice work!
For a second consecutive year, Graf Research has been invited to the Military and Aerospace Programmable Logic Devices (MAPLD) Workshop in La Jolla, California, this time to present a keynote lecture. Jonathan Graf will present a topic entitled "Measuring Trust" on May 24. Be sure to stop in and see our keynote!
——-
Measuring Trust
By Jonathan Graf
MAPLD 2018
In space and defense microelectronics research, we often define trust in a domain-specific manner: we trust our microelectronic devices when they are genuine devices that do what they are supposed to do and nothing else. Measuring whether a microelectronic device is trusted requires blending disparate contributors. In practice, however, many tend to focus on one contributor to the exclusion of others. We often look exclusively at trust assessment methods (tools, best practices, techniques) that measure attributes of systems or devices, conflating a measurement of method efficacy with a measure of trust. How to transition from metrics that measure the efficacy of a method to metrics that measure all components that contribute to trust is an ongoing topic of research, both at Graf Research and elsewhere. These trust metrics systems blend measurements of methods with the concept of an adversary. The adversary has their own methods and uses them to interact with a defender in an engagement. Modeling this engagement correctly requires knowledge not only of the strategies available to each party but also their resources, capabilities, and goals. A useful model that considers all these elements can quantitatively inform those who wish to measure whether their devices meet the above trust definition.
In this invited talk, we will construct a system of trust metrics that considers all requisite elements. It uses a quantified, cost-indexed risk function as a trust metric to describe the payoff to a defender for selecting certain sets of methods as a detection strategy. It similarly models the adversary and their payoff for selecting an exploitation strategy. The goal of each party is to maximize their payoff. We demonstrate how these two payoff metrics may be combined using game theory to select the optimal strategies for both the adversary and defender to achieve their highest payoff when considering the likely actions of the other party. This example system focuses on hardware Trojan detection. It tells the defender the optimal method of how to find Trojans. Incidentally, it also tells the adversary the optimal methods of how to exploit the system. We conclude the talk by comparing this metric to other emerging trust metrics.
This week, Ali Asgar Sohangpurwala of Graf Research will present the "GR-TDM: A Framework for Design Space Exploration of Hardware Trojan Detection and Mitigation Tradeoffs" project in Los Angeles at DARPA's "Obfuscated Manufacturing for GPS (OMG)" kickoff meeting. If you are attending, please say hello!
Graf Research will be at the IEEE International Symposium on Hardware Oriented Security and Trust (HOST) as well as the co-located workshops the Trusted and Assured MicroElectronics Forum (TAME) and Women in Hardware and Systems Security (WISE). Please say hello to Jonathan Graf, who will be a poster session chair and judge at HOST and a panelist in the TAME forum, and Whitney Batchelor, who will be a poster judge at WISE. See you there!
Graf Research will continue our work developing solutions that blend the needs of Mission Assurance with Cyber Physical Systems security under an additional $1M of Army/OSD funding. We are proud to have Georgia Tech as a partner on this work, and we are happy to be funding both faculty and graduate student research positions through this collaboration.
Graf Research is pleased to announce the kickoff of a new DARPA project entitled "GR-TDM: A Framework for Design Space Exploration of Hardware Trojan Detection and Mitigation Tradeoffs."
After two years as a Xilinx Alliance Program Associate, Graf Research has upgraded our status in the Xilinx Alliance Program to the "Member" level! Xilinx examined our quality, business, and technical practices through a self-audit we submitted in order to meet the corporate requirements for membership. Xilinx further trained our staff to be certified as proficient and knowledgeable in the latest Xilinx technologies.
As we continue to collaborate with Xilinx and make use of their technologies, we are pleased to take this step in our relationship.
Scott Harper from Graf Research will be attending GOMAC 2018 in Miami from March 12-15. Our very own Scott Harper and Tim Dunham are co-authors on "Malicious Trigger Discovery in FPGA Firmware." Make sure to say hello to Scott!
Jonathan Graf and Scott Harper will be attending the NDIA FPGA Assurance Workshop on February 27-28. Our sponsors will be briefing on our research from the DPA Title III Trusted FPGA program. Come on out, learn about our research, and chat with Scott and Jon!
Graf Research has been awarded a multi-year contract to research and develop signal processing algorithms, software defined radio solutions, and FPGA implementations.
Graf Research has been awarded a Phase 2 SBIR to continue our work on Optimal Strategies for Cloud-Based Trust Assessment.
Graf Research has been awarded an SBIR to produce one or more ASIC and FPGA hardware 3rd-Party IP (3PIP) assessment techniques, a set of technologies we collectively refer to as GR-3PIP. The techniques must accomplish the goal of establishing trust in the 3PIP under test, but we apply additional requirements. We require that the techniques (1) do not add significant cost to the core, (2) do not require extensive time to apply, and (3) do not require extensive verification or reverse engineering expertise to use.
Graf Research has been awarded a Phase 2 SBIR to continue our work on Irrefutable Tamper Logging.
Graf Research Corporation is going to XSWG! We have been invited to give the lecture “A Cryptographically Secure Immutable Memory for Irrefutable Tamper Logging” at both groups: Longmont, Colorado (Oct 17-19) and Herndon, Virginia (Nov 7-9). Contributors to the lecture include Jonathan Graf, Ali Asgar Sohanghpurwala, Matt French, and Dr. Andrew Schmidt from USC-ISI. Register for the conference and come see us!
Graf Research has been awarded a contract to put our OpTrust tools in a high-security cloud environment to provide trust guidance to developers.
Jonathan Graf will be presenting an "Overview of Game Theoretic Analysis Work" at the Air Force Trusted & Assured Microelectronics Symposium at Wright-Patterson Air Force Base on August 30. Come on out and hear our talk!
Graf Research has been awarded a contract to create interfaces between our OpTrust software, which creates game-theory-based prescriptions for optimal hardware Trojan detection, and a prime contractor's custom electronic design automation tools.
We’ve moved to a new office in Blacksburg! We are busy ordering furniture, office flair, and other accommodations. This will be a comfortable space where our team members can come together and collaborate effectively.
Full of potential!
A shot of the exterior.
Take a look at our awesome new sign. It even lights up in the dark!
Graf Research and Georgia Tech are publishing and presenting our research on “Formal Enforcement of Mission Assurance Properties in Cyber-Physical Systems” at IEEE NAECON 2017. Come out and see our presentation!
-----
Formal Enforcement of Mission Assurance Properties in Cyber-Physical Systems
Scott Harper, Jonathan Graf, Michael A. Capone, Justin Eng, Michael Farrell, Lee W. Lerner
Abstract: Cyber-Physical Systems improve efficiency, accuracy, and access in systems ranging from household appliances to power stations to airplanes. They also bring new risks at the intersection of physical, information, and mission assurance. This paper presents CP-SMARTS, a framework providing a means for propagating CPS assurances from planning to deployment.
