Helena Handschuh wrote a recent article in EE Times stating that “with the proliferation of intelligent devices, the industry needs new robust security approaches instead of trying to fix the cracks in existing designs.”
Handschuh is chair of the RISC-V Foundation’s security standing committee and a Fellow at Rambus.
Titled “RISC-V, DARPA Advance Security,” the article cites the fact that companies often don’t build security into their products from the start. Instead, she noted, they add on cryptographic algorithms and primitives to achieve confidentiality and authenticity properties. But, Handschuh cautioned, “this add-on approach makes the product a target of possible attacks.”
Her article included the work DARPA is performing with its System Security Integration Through Hardware and Firmware (SSITH) program. Helena explained the program was created to break the cycle of vulnerability exploitation. She noted that the goal of SSITH is to develop new hardware security architectures and associated design tools. These are the tools she said that provide security against hardware vulnerabilities, which are exploited through software.
She discussed a particular RISC-V Foundation member, Galois, as a company developing tools and techniques for quantitatively measuring and reasoning for system security, particularly for hardware.
Galois is said to be working on developing baseline processors from which security improvements will be measured, port and support baseline operating systems and compilers for those CPUs and develop a demonstration application for secure hardware.
According to her article, DARPA recently announced that Galois will be developing a voting system as the demonstration vehicle for this secure system, built with fully open source hardware and software. As explained in her article, this voting system is intended to serve as an important demonstration of how DARPA technology can be used for a critical infrastructure system.
She explained, “The voting system will be built on open source RISC-V CPUs and will incorporate auditable software components, enabling the public to review both the software and the hardware since the RISC-V ISA is public and standardized.”
According to Handschuh, the purpose of the voting system is to encourage continued research and innovation to develop more secure hardware and software solutions for the benefit of everyone.
In closing out her article, Handschuh said, “the future of security is in the hands of developers. We strongly encourage everyone to get involved and work together to tackle the dynamic security demands of this new era of innovation.”