Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., awarded the five contracts late last month for the for the System Security Integrated Through Hardware and firmware (SSITH) program.
SSITH aims to secure computer hardware that constrains the reduces vulnerabilities to cyber attack and protects against software attacks that exploit hardware vulnerabilities.
Those receiving SSITH contracts are Lockheed Martin Corp. Rotary and Mission Systems segment in Owego, N.Y.; The Charles Stark Draper Laboratory in Cambridge, Mass.; SRI International in Menlo Park, Calif.; Cornell University in Ithaca, N.Y.; and University of California-San Diego in La Jolla, Calif.
Lockheed Martin won a potential $11.5 million contract on 30 Nov.; Draper Lab won a potential $9.8 million contract on 29 Nov.; SRI won a potential $7.6 million contract on 21 Nov.; Cornell won a potential $2.9 million contract on 27 Nov. 27; and University of California-San Diego won a potential $1.1 million on 27 Nov. Contract amounts include base amounts and options.
Related: Trusted computing: it's not just cyber security anymore
Electronic system security has become a critical area of concern for the U.S. Department of Defense (DOD) and the broader U.S. population, DARPA officials explain. Current efforts to provide electronic security largely rely on software, which can be inadequate if fails to address the underlying hardware vulnerability.
Creative hackers can develop new ways to exploit how software accesses hardware, which can start a continuous cycle of exploitation, patching, and subsequent exploitation. Instead, the DARPA SSITH program focuses on hardware security at the microarchitecture level.
DARPA scientists are interested in security approaches that will limit computer hardware to states that are secure while maintaining the system performance and power.
The SSITH five contractors will develop architectures and design tools that enable system-on-chip (SoC) designers to safeguard hardware against all seven known common weakness enumeration (CWE) classes of hardware vulnerabilities that hackers can exploit through software.
Architectures and design tools that SSITH contractors develop may provide flexible solutions applicable to DOD and commercial electronic systems, DARPA officials say.
Security measures may include cryptography; metadata tagging; formal verification; verified state matching; anomalous state detection; secure multi-party computing; semi-homomorphic computing; and security through compartmentalization.
Systems designers might eventually be able to use SSITH security architectures so that existing application software can run on secure hardware without software modification; some software modification may be necessary, however, to exploit hardware security features fully. SSITH architectures are expected to be scalable such that they can be useful for architectures ranging from small, ultra-low power systems to large, high-performance systems.
The SSITH program has two technical areas: scalable, flexible, and adaptable integrated circuit security architectures that can be implemented easily in DOD and commercial SoCs; and ways to evaluate these architectures.
For more information contact Lockheed Martin Rotary and Mission Systems online at www.lockheedmartin.com/us/rms.html; Draper Lab at www.draper.com; SRI International at https://www.sri.com; Cornell University at www.cs.cornell.edu; or University of California-San Diego at https://cse.ucsd.edu.
Ready to make a purchase? Search the Military & Aerospace Electronics Buyer's Guide for companies, new products, press releases, and videos
