An Agile and Rapidly Reconfigurable Test Bed for Hardware-Based Security Features
Abstract
Current general-purpose computing hardware and the software that runs on it have
evolved over more than a half century from large mainframe systems in corporate,
military, and research use to interconnected commodity devices more common than
wristwatches. Computational power, storage capacity, and communication capabilities have increased in wonderful and staggering ways; however, when we read
about the latest vulnerability or data breach it seems that cybersecurity is stuck
somewhere between 1983 when Matthew Broderick first heard a synthesized voice
ask “Shall we play a game?” [93] and 1988 when the Morris worm hit the Internet
[116]. Multics [82] and Scomp [54] had a shot at establishing secure computing, but
functionality, cost, and ease of use have largely trumped security so far. For the
present, as Jaeger said, “. . . security features fail to protect the system in a myriad
of ways.” [77] This study and research effort briefly surveys the roots of secure
computing and present vulnerabilities that contribute to insecurity, and presents
technological changes that could help stem this tide. We have gleaned a collection of demonstrated security features that could be hardware-based and therefore
hardware-enforced, but would require no adaptation of existing legacy applications beyond recompiling already-existing high-level source code. In this effort we demonstrate a prototype CPU with hardware-based security features that is
amenable to FPGA or ASIC implementation and provide a hardware testbed based
on DARPA's Cyber Grand Challenge cybersecurity “experimentation ecosystem”
[39]. This work will answer the question of whether hardware-based security features
can produce a significant security improvement in unadapted legacy C/C++ code,
and provide a testbed for further evaluation and testing of hardware-based features.