HaSS: “A practical application of game theory to optimize selection of hardware Trojan detection strategies”

HaSS: “A practical application of game theory to optimize selection of hardware Trojan detection strategies”

This Christmas, Graf Research Corporation celebrates the gift of having a new paper published in the Journal of Hardware and Systems Security! The paper is entitled “A practical application of game theory to optimize selection of hardware Trojan detection strategies.” Paper contributors included Jonathan Graf, Whitney Batchelor, Scott Harper, Ryan Marlow, Ed Carlisle, and Peter Athanas. The paper will appear in the journal next week, so be on the lookout for it!

And of course, Happy Holidays and Happy New Year to all!

-----

A practical application of game theory to optimize selection of hardware Trojan detection strategies

Jonathan Graf, Whitney Batchelor, Scott Harper, Ryan Marlow, Edward Carlisle IV, and Peter Athanas

Abstract: A wide variety of Hardware Trojan countermeasures have been developed, but less work has been done to determine which are optimal for any given design. To address this, we consider not only metrics related to the performance of the countermeasure, but also the likely action of an adversary given their goals. Trojans are inserted by an adversary to accomplish an end, so these goals must be considered and quantified in order to predict these actions. The model presented here builds upon a security economic approach that models the adversary and defender motives and goals in the context of empirically derived countermeasure efficacy metrics. The approach supports formation of a two-player strategic game to determine optimal strategy selection for both adversary and defender. A game may be played in a variety of contexts, including consideration of the entire design lifecycle or only a step in product development. As a demonstration of the practicality of this approach, we present an experiment that derives efficacy metrics from a set of countermeasures (defender strategies) when tested against a taxonomy of Trojans (adversary strategies). We further present a software framework, GameRunner, that automates not only the solution to the game but also mathematical and graphical exploration of “what if” scenarios in the context of the game. GameRunner can also issue “prescriptions,” a set of commands that allows the defender to automate the application of the optimal defender strategy to their circuit of concern. Finally, we include a discussion of ongoing work to include additional software tools, a more advanced experimental framework, and the application of irrationality models to account for players who make subrational decisions.

Atlanta Office Moves to New Building

Centennial Tower, seen right behind the SkyView Atlanta Ferris wheel!

We’ve moved our new Atlanta office to the beautiful 101 Marietta St building!  We’re very excited to have a facility in one of downtown Atlanta’s famous landmarks.  We’ve got a great view of the Ferris wheel, Centennial Park, and the Georgia Tech campus, and we’re happy about having more space at the office.

View from the parking garage at night.

Graf Research Corporation Hosts Its Second All-Company Event

Graf Research Corporation Hosts Its Second All-Company Event

In keeping with tradition, we’ve hosted our second annual all-company event, this time at Mountain Lake Resort in Pembroke, Virginia. Too bad it was so foggy when we got there! But no worries—as before, everyone gave presentations covering the company’s current research and potential new directions, and we heard a lot of ideas for services and products the company could offer its customers. Great job, team! In the evening, we had a chance to converse more casually at Harvest Porch and had fun chatting and playing games.

We consider our all-company events to be vital to the company’s success. They generate new ideas, give the team a chance to get to know each other, and get everyone excited for the company’s future. We look forward to following up all these great ideas in the coming weeks to start work towards transforming them into a reality.

GOMAC 2019: “Introducing a Trust Metric Foundation and Deriving Trust-for-Buck”

GOMAC 2019: “Introducing a Trust Metric Foundation and Deriving Trust-for-Buck”

Graf Research Corporation will be returning to GOMAC, this time in Albuquerque, New Mexico. In addition to marveling at the ridges of the Sandia mountains and the wine-colored sunsets of New Mexico, we’ll be presenting our paper, “Introducing a Trust Metric Foundation and Deriving Trust-for-Buck.” Paper contributors include Scott Harper, Jonathan Graf, Whitney Batchelor, Tim Dunham, and Peter Athanas. If you’re going to GOMAC, come out and say hello to us!

-----

Hardware Trojan Detection using Xilinx Vivado

Scott Harper, Jonathan Graf, Whitney Batchelor, Tim Dunham, Peter Athanas

Abstract: This study defines a flexible quantitative metric for measuring trust-related aspects across a broad range of domains and a means of using that foundation to derive domain-specific measurements. A Trust Basis Metric is described here along with examples that build on its foundation to measure assurances and identify cost-effective trust-enhancing investments. Our primary motivation in performing this study was to quantitatively determine the best increase in trust per dollar (Trust-for-Buck) when investing in current device manufacture and distribution flows for microelectronic components.

 
 

First All-Company Event

First All-Company Event

Graf Research Corporation has hosted its first annual all-company event. What a blast! As part of the event, everyone in the company got together to present ideas on leadership, company culture, business growth, research and development, and much more—they did a great job, too! After the presentations, the company hosted a tailgate for the team and their families that included cornhole, foosball, and shuffleboard, with catering from Due South BBQ. Later in the evening, we attended the Georgia Tech vs. Virginia Tech football game (as VT fans, we won’t discuss the outcome…).

Collaboration has always been of paramount importance at Graf Research, and we hope that this event continues to foster camaraderie among the company’s team members. A lot of great ideas are churning, and we’re excited for the new directions the company is headed in.

Graf Research Senior Engineer Earns PhD

Warm congratulations to our very own Ali Asgar Sohanghpurwala, who has completed his PhD in Computer Engineering at Virginia Tech! His thesis was on “Exploits in Concurrency for Boolean Satisfiability” and presents an incredible new approach to parallel SAT solving. He has now transitioned out of his part-time role to become a full-time Senior Research Engineer with Graf Research at our new Atlanta, Georgia office!

100% of Graf Research engineers either hold or are in the process of completing advanced engineering degrees. Ali sets a good example to those in-process that finishing while working is possible!

Graf Research Corporation to present at NAECON

Graf Research Corporation will head to the IEEE National Aerospace and Electronics Conference in Fairborn, OH, to present our paper “Hardware Trojan Detection using Xilinx Vivado.” Paper contributors include Ryan Marlow, Scott Harper, Whitney Batchelor, and Jon Graf. Ryan Marlow will be the presenter.

-----

Hardware Trojan Detection using Xilinx Vivado

Ryan Marlow, Scott Harper, Whitney Batchelor, Jonathan Graf

Abstract: Modern commercial EDA tools provide end users with a framework for application specific customizations through a general-purpose programming language interface to an underlying circuit object model. Xilinx Vivado exposes that information through Tcl. This work demonstrates an implementation of a static hardware detection algorithm utilizing this interface of Vivado.

 
 

Graf Research Presents "Measuring Trust" at MAPLD 2018

For a second consecutive year, Graf Research has been invited to the Military and Aerospace Programmable Logic Devices (MAPLD) Workshop in La Jolla, California, this time to present a keynote lecture.  Jonathan Graf will present a topic entitled "Measuring Trust" on May 24.  Be sure to stop in and see our keynote!

——-

Measuring Trust

By Jonathan Graf

MAPLD 2018

In space and defense microelectronics research, we often define trust in a domain-specific manner: we trust our microelectronic devices when they are genuine devices that do what they are supposed to do and nothing else.   Measuring whether a microelectronic device is trusted requires blending disparate contributors.  In practice, however, many tend to focus on one contributor to the exclusion of others.  We often look exclusively at trust assessment methods (tools, best practices, techniques) that measure attributes of systems or devices, conflating a measurement of method efficacy with a measure of trust.  How to transition from metrics that measure the efficacy of a method to metrics that measure all components that contribute to trust is an ongoing topic of research, both at Graf Research and elsewhere.  These trust metrics systems blend measurements of methods with the concept of an adversary.  The adversary has their own methods and uses them to interact with a defender in an engagement.  Modeling this engagement correctly requires knowledge not only of the strategies available to each party but also their resources, capabilities, and goals.  A useful model that considers all these elements can quantitatively inform those who wish to measure whether their devices meet the above trust definition.

In this invited talk, we will construct a system of trust metrics that considers all requisite elements.  It uses a quantified, cost-indexed risk function as a trust metric to describe the payoff to a defender for selecting certain sets of methods as a detection strategy.  It similarly models the adversary and their payoff for selecting an exploitation strategy.  The goal of each party is to maximize their payoff.  We demonstrate how these two payoff metrics may be combined using game theory to select the optimal strategies for both the adversary and defender to achieve their highest payoff when considering the likely actions of the other party.  This example system focuses on hardware Trojan detection.  It tells the defender the optimal method of how to find Trojans. Incidentally, it also tells the adversary the optimal methods of how to exploit the system.  We conclude the talk by comparing this metric to other emerging trust metrics.

Graf Research at IEEE HOST (and TAME and WISE)

Graf Research will be at the IEEE International Symposium on Hardware Oriented Security and Trust (HOST) as well as the co-located workshops the Trusted and Assured MicroElectronics Forum (TAME) and Women in Hardware and Systems Security (WISE).   Please say hello to Jonathan Graf, who will be a poster session chair and judge at HOST and a panelist in the TAME forum, and Whitney Batchelor, who will be a poster judge at WISE.  See you there!

 

Graf Research Becomes Xilinx Alliance Program Member

After two years as a Xilinx Alliance Program Associate, Graf Research has upgraded our status in the Xilinx Alliance Program to the "Member" level!  Xilinx examined our quality, business, and technical practices through a self-audit we submitted in order to meet the corporate requirements for membership.  Xilinx further trained our staff to be certified as proficient and knowledgeable in the latest Xilinx technologies.  

As we continue to collaborate with Xilinx and make use of their technologies, we are pleased to take this step in our relationship.

Graf Research at GOMAC 2018

Scott Harper from Graf Research will be attending GOMAC 2018 in Miami from March 12-15.  Our very own Scott Harper and Tim Dunham are co-authors on "Malicious Trigger Discovery in FPGA Firmware."  Make sure to say hello to Scott!