The Vulnerability Database

Created in collaboration with Steve Brown and Sohrab Aftabjahani from Intel.

Mission Statement

The Vulnerability Database portal, which is under development, is an effort by industry and academic research leaders to provide awareness to researchers and practitioners of hardware security regarding various security vulnerabilities of system-on-chips (SOC) to different types of attacks with the current choices of mitigation solutions from academia and industry. The primary goal of the portal is to develop the National Hardware Vulnerability Database (NHVD) to be shared with the potential of being used as a standard approach for enumerating and screening of various dimensions of security risks for SoCs. Based on security objectives and using a risk-based approach, security architects, designers, and validators can decide which dimensions need more attention for further security evaluation to find mitigation of the potential security gaps with design for security tools and techniques.

The secondary goal of the portal is to accelerate the creation of a security-aware ecosystem of CAD tools, which will be beneficial for all parties from academia, industry, and government. While most of the current generation of the EDA tools are still not security-aware, security researchers have been working on finding solutions to detect many of the vulnerabilities and mitigate them. Hence, the Vulnerability Database portal connects each of vulnerabilities to various solutions at different stages of their research and development such as mature tools from industry, tool prototypes from academic research, and proposed methods with a good potential to be implemented as a tool. From this perspective, the portal enables researchers from academia to showcase their work (as a tool prototype) and make it possible for industry to see a variety of solutions available from academia, start-up EDA companies, and major EDA companies.

The expected outcomes are as follows: (a) Increasing the level of interactions among academia and industry and the chance that an EDA company decides to invest on a prototype from academia to add a feature based on the prototype to the toolsets of the company, (b) Helping major EDA companies get exposure to start-up companies commercializing their prototypes, (c) Increasing the level of investment from industry in academic research in the area of hardware security, and (d) Increasing the level of funding for academic research from government as it will better show how the academic research outcomes will be shaping the new generation of security-aware EDA tools as the security practitioners will start using the tools to meet some of their needs with respect to security.

The long term goal of the portal is to create an ecosystem of user friendly, easy-to-use, and compatible security-aware design and analysis tools. To Achieve these goals, the researchers at the University of Florida have already started realizing a General Framework for Design for Security and Validation (DFSV) with several design for security and security analysis engines as plugin’s to the toolset. The framework should provide users a uniform interface to allow them to choose the type of security vulnerabilities they want to mitigate in their designs or want to analyze their designs for, and it provides them options depending on the plugin’s available and their license availability.

We seek partners from government, industry and academia to join us in this effort by providing (a) their vulnerability models to incorporated into NHVD and (b) their design for security and validation solutions (tools/engines) as plugin’s for and DFSV. We provide guidance for creating the plugin’s and a set of conventions (with the goal of making them standards in future) for compatibility and cooperativity among them.

Please contact us if you are interested to participate in this effort.

Dr. Sohrab Aftabjahani,
sohrab.aftabjahani {at} intel.com

Dr. Mark Tehranipoor, University of Florida,
tehranipoor {at} ufl.edu

Physical Attack Taxonomy

(Clickable Nodes, Pan & Zoom)

Coming Soon...

Coming Soon...