Automating Security Assurance: Specification, Verification, and Attack
Security validation is an important yet challenging part of the hardware design process. A security validation engineer is tasked with defining the threat model, specifying the relevant security properties, detecting any violations of those properties, and assessing their consequences for overall system security. The process is often seen as more art than science. In this talk I will describe my group’s effort to systematize and automate the security validation process. We have built a suite of security specification miners, a tool for the symbolic exploration of a hardware design that produces complete exploits, including the payload, and a tool to translate a set of security properties written for one design to make them suitable for use with a second design. Taken together, these tools are pushing forward the emerging science of security validation.
Cynthia Sturton, Ph.D.
Cynthia Sturton is an Associate Professor and Peter Thacher Grauer Scholar at the University of North Carolina at Chapel Hill. She leads the Hardware Security @ UNC research group to investigate the use of static and dynamic analysis techniques to protect against vulnerable hardware designs. Her research is funded by several National Science Foundation awards, the Semiconductor Research Corporation, Intel, a Junior Faculty Development Award from the University of North Carolina, and a Google Faculty Research Award. She was recently awarded the Computer Science Departmental Teaching Award at the University of North Carolina. Sturton received her BSE from Arizona State University and her MS and PhD from the University of California, Berkeley.
Host: Professor Patrick Schaumont