A Glossary For Chip And Semiconductor IP Security And Trust
By Sergio Marchese, OneSpin Solutions
Security used to be about system and software. As threats evolve, hardware engineers also have to familiarize themselves with the security vocabulary.
A significant portion of electronic system vulnerabilities involves hardware. In 2015 the Common Vulnerabilities and Exposures (CVE-MITRE) database recorded 6,488 vulnerabilities. A considerable proportion (43%) can be classified as software-assisted hardware vulnerabilities (see Fig. 1). The discovery of Meltdown and Spectre in January 2018 has sparked a series of investigations into hardware security, particularly processors. Researchers have already exposed numerous other vulnerabilities, including Foreshadow, ZombieLoad, and RIDL and Fallout. Computer scientists at Stanford and Kaiserslautern (Germany) have also unveiled a new type of attack, dubbed the Orc attack, which threatens simple processors commonly used in embedded applications. These hardware flaws affect the security of personal computers, smartphones, and even the cloud.