NSF Award
1534602
The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase II project is a dramatic increase in the security of modern computer hardware. This project presents a security verification software suite that detects security vulnerabilities in electronic hardware designs. Current state-of-the-art methods for detecting security vulnerabilities in hardware designs are very informal, consisting of security teams searching for these vulnerabilities through manual code review and committee discussion. This has already been shown to be ineffective in obtaining adequate security coverage, with security vulnerabilities remaining undetected and exploitable by malicious entities. With the unprecedented growth in the number of connected devices being developed for the Internet-of-Things (IoT), the number of security vulnerabilities will increase dramatically. The broader societal impact of this SBIR Phase II project is the increased security of computing systems, leading to more effective management of personal information and increased data privacy. The commercial impact is a unique software offering to semiconductor companies to help detect and prevent security vulnerabilities that could be used to compromise an IoT device. This greatly reduces the resources necessary to achieve high security coverage and eliminates long-term liabilities that can debilitate an entire company.<br/><br/>This Small Business Innovation Research (SBIR) Phase II project focuses on the technical development of a software suite for verifying security properties of hardware designs. The technology improves on the current methods in semiconductor companies that use manual audits in attempts to find security vulnerabilities in chip designs. It provides a systematic platform for verifying the security properties specified by the security teams on the actual hardware within these companies. This greatly improves the security coverage while reducing the time spent performing security audits. This SBIR Phase II project will develop the features requested directly by customers and perform the essential R&D efforts of the company's underlying information flow analysis technology in order to adequately solve customers' problems. The end result of this Phase II project will be a commercial grade product fit to detect and resolve security issues in modern electronic hardware designs.
