SBIR-STTR Award

The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase I project is centered on transforming the way semiconductor companies are capable of approaching the issue of security - an aspect of their designs that has wide ranging impacts for our nation's commerce and infrastructure. The hardware security tool proposed in this project will enable a formal assessment of hardware system security by providing the ability to prove security properties on concrete hardware implementations. This work was motivated by interviews with over 100 prospective end users as part of the National Science Foundation Innovation Corps program, which determined that 1) current methods simply fail to address a broad scope of important vulnerabilities, and 2) there is significant demand for tools that enable engineers to discover and eliminate those vulnerabilities. With the continued growth of the cyber security ($77B) and mobile hardware security ($1B) markets, the proposed research has significant potential for sustained commercial impact. This Small Business Innovation Research (SBIR) Phase I project will develop the first tool for secure hardware design. The senior personnel on this project have learned first-hand that such a tool is both in high demand from a variety of semiconductor companies and that there is nothing currently on the market to satisfy this demand. In order to develop the tool most critically needed by our potential customers, this development project will focus on three main objectives. First, it will integrate core technology developed previously by the company's senior personnel with formal solvers in order to enable the specification and verification of provable security properties. Second, it will develop a formal language allowing hardware developers to specify an important class of security assertions that fits cleanly into modern industry practices. Lastly, this development effort will extend current state-of-the-art technology to allow hardware designs to be tested in the presence of multi-level security policies beyond just the conventional "untrusted" and "trusted" paradigms. The outcome of this project will be a tool ready to be tested on industry grade hardware designs.

The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase II project is a dramatic increase in the security of modern computer hardware. This project presents a security verification software suite that detects security vulnerabilities in electronic hardware designs. Current state-of-the-art methods for detecting security vulnerabilities in hardware designs are very informal, consisting of security teams searching for these vulnerabilities through manual code review and committee discussion. This has already been shown to be ineffective in obtaining adequate security coverage, with security vulnerabilities remaining undetected and exploitable by malicious entities. With the unprecedented growth in the number of connected devices being developed for the Internet-of-Things (IoT), the number of security vulnerabilities will increase dramatically. The broader societal impact of this SBIR Phase II project is the increased security of computing systems, leading to more effective management of personal information and increased data privacy. The commercial impact is a unique software offering to semiconductor companies to help detect and prevent security vulnerabilities that could be used to compromise an IoT device. This greatly reduces the resources necessary to achieve high security coverage and eliminates long-term liabilities that can debilitate an entire company.This Small Business Innovation Research (SBIR) Phase II project focuses on the technical development of a software suite for verifying security properties of hardware designs. The technology improves on the current methods in semiconductor companies that use manual audits in attempts to find security vulnerabilities in chip designs. It provides a systematic platform for verifying the security properties specified by the security teams on the actual hardware within these companies. This greatly improves the security coverage while reducing the time spent performing security audits. This SBIR Phase II project will develop the features requested directly by customers and perform the essential R&D efforts of the company's underlying information flow analysis technology in order to adequately solve customers' problems. The end result of this Phase II project will be a commercial grade product fit to detect and resolve security issues in modern electronic hardware designs.