Stopping Hardware Chip Viruses


Supply chain disruption, manufacturing intrusion, and any number of first-, second- and third-party alterations to hardware make machines dangerous to use. Every electronic device is at risk. The latest hardware attacks have been both deliberate and negligent (flaws in the hardware design).

Negligent hardware design stems from a lack of cooperation between hardware and software. The most common failure is the contamination of logic across processes: the inability of the hardware to isolate process memory.

As for deliberate modification of hardware, the few cases that have been found were found because they announced themselves: a chip pinged a remote site, and even then it took a team three years to track down. It would be far more dangerous for a time bomb to be planted that permanently kills the hardware by breaking a single wire. Bomb the ball bearing plants: "all for the want of a horseshoe nail..."


A 100% secure hardware device is possible, but not with current technologies. Some of the issues are the following:

Single software environment:
A well documented and limited number of targets (Unix and Windows) makes it easy to strike a great number of machines. Here it would be easy to randomize the hardware instruction set and the internal numeric representation.
 

Multiple entry points:
Today's hardware has many points of access to many of the critical parts of the system. Security means building a system that is trustworthy. Restrict physical access; this can be accomplished by isolating as many devices as possible from each other, for example by limiting internal data communication to a single optical entry point. Isolate memory, clock, CPU, registers, et cetera.

 
Hidden logic:
Hardware without accountability. There really is no such thing as hidden logic; technology companies simply assume that because it cannot easily be seen, it is hidden. In reality hidden logic only makes it harder to develop better systems. Visualization and easy modification are key to improved security. I have no real understanding of existing security; I have to rely upon complex unknown factors that are not available for direct inspection. This means I am working on the assumptions that I make, and on the word of others, as to the correct use of security that I cannot test.
 

Failed technologies:
A layer of logic on top of failed technologies. An inability to replace, duplicate, or understand a technology is destructive to the security of our systems. It is the copy-of-a-copy syndrome: each new release of a product fails to reproduce the previous implementation of its own logic. As systems become larger the effect is magnified.


Our security is built on the practice of letting others test our security, both in software and in hardware. We are basing the reliability of our systems on sixty-year-old technologies.