Chip Scan Director of Engineering Presents Zero Trust for Hardware at IEEE SecDev
FOR IMMEDIATE RELEASE
New York, NY - Chip Scan's Director of Engineering, Jason Lowdermilk, presented an experience report on the topic of Zero Trust for Hardware at IEEE SecDev in October 20th, 2021. The presentation puts the spotlight on practical applications of Zero Trust concepts towards hardware supply chain attack mitigation.
The presentation comes at a time when supply chain attacks are gaining significant media attention, especially after the Bloomberg Businessweek's story in 2018 regarding implanted devices in Supermicro motherboards, and the 2020 SolarWinds supply chain attack. According to the NSA, one defense from these attacks is adopting a Zero Trust security model. Zero Trust requires practitioners to eliminate implicit trust in any one element of a computer system. However, until now, very few practical methods are available for addressing these concerns using hardware.
In his presentation, Lowdermilk discussed the design choices that Chip Scan made to minimize trust in a realistic engineering effort under reasonable cost constraints. He also addressed the difficulties encountered in applying the hardware-up methodology and attempted to quantify the benefits of this method.
The case study presented in the paper focused on a satellite ground station "front-end processor" system. Chip Scan implemented the system on an FPGA to avoid potential vulnerabilities and used functional languages and C code to study two different programming language paradigms. Another commercial tool was also used to check if no backdoors were inserted into the design during the conversion process. Once the design steps were completed, the system was hosted on a commercial cloud provider.
"The implementation of the satellite ground station 'front-end processor' system on an FPGA and using functional languages and C code allowed us to study different programming language paradigms and mitigate potential vulnerabilities," said Lowdermilk. "The paper emphasized the importance of adopting a Zero Trust security model in mitigating supply chain attacks and the challenges associated with it. We believe that implementing the hardware-up methodology is essential to reduce the risk of a potential breach in the system."
Critics of the Zero Trust security model argue that it is not realistic to implement in many scenarios due to the complexities of the supply chain, particularly in legacy systems. However, Chip Scan's presentation showcased a practical approach to adopting the Zero Trust security model that can be applied in real-world scenarios.
About Chip Scan
Chip Scan is a trusted and respected innovator in the hardware cybersecurity industry, with a proven track record of delivering cutting-edge tools and technology to both the private sector and federal government. At Chip Scan, we're committed to helping our clients fortify their hardware designs against both inadvertent and intentional vulnerabilities, using our innovative Hardware-up methodology that recognizes the importance of security as a full system property, and through the application of new cyberdefense to legacy operational technologies. Our experienced leadership team brings together a wealth of expertise in both cybersecurity and hardware development, ensuring that we stay ahead of the curve in this constantly-evolving field. With our dedication to security, innovation, and service, Chip Scan is the clear choice for any organization looking to protect their hardware designs.
For more information about Chip Scan, contact us as info@chipscan.us.
###