DARPA Wants Hardware With Built-in Security

DARPA seeking solutions for more secure hardware

The U.S. Defense Advanced Research Projects Agency (DARPA) announced this week a new program that aims to develop a framework for building hack protections directly into hardware.

The agency pointed out that the integrated circuits found in many devices often have vulnerabilities that can be exploited through software, and software patches represent only a temporary solution.

As part of a new 39-month program named System Security Integrated Through Hardware and Firmware (SSITH), DARPA hopes to receive proposals for new chip architectures which would disarm software attacks that leverage hardware flaws.

The SSITH project focuses on two main technical areas: developing a secure hardware architecture and tools to help manufacturers take advantage of security innovations, and identifying a methodology and metrics for determining the security status of new systems.

Some chip makers, such as Intel, have already been integrating various protections into their products, but DARPA wants design tools that would be widely available, leading to built-in security becoming a standard for integrated circuits used in U.S. Department of Defense and commercial systems.

DARPA said proposals should address one or more of the seven hardware vulnerability classes in the Common Weakness Enumeration (CWE) list. These include code injections, permissions and privileges, buffer errors, information leakage, resource management, numeric errors, and cryptographic issues.

The agency pointed out that more than 2,800 incidents have involved one of these vulnerabilities, and SSITH program manager Linton Salmon, of DARPA’s Microsystems Technology Office, believes more than 40 percent of software weaknesses can be addressed by removing these types of flaws.

“Security for electronic systems has been left up to software until now, but the overall confidence in this approach is summed up in the sardonic description of this standard practice as ‘patch and pray,’” said Salmon. “This race against ever more clever cyberintruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software.”

Experts interested in submitting a proposal can learn more about the project and have the opportunity to team up with others on Friday, April 21, 2017, at the Booz Allen Hamilton Conference Center.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
