https://spectrum.ieee.org/hardware-hacking
Machine Learning Helps Fuzzing Find Hardware Bugs

Age-old software-testing technique automated to boost chip supply throughput

Tammy Xu
03 Jan 2024

In the age of the global chip-supply shortage, any speedup in chip manufacturing and quality-assurance testing is a potential lifeline.
So a technique first developed to find instabilities in UNIX command-line prompts in the 1980s is now being retooled to automate chip tests on the assembly line--and discover bugs that could ultimately lead to hardware vulnerabilities like the sort that led to the Meltdown and Spectre flaws and waves of hacks that sprung from them.

It's difficult to patch hardware bugs, so catching them early in the product development cycle is important, says Texas A&M University engineering associate professor Jeyavijayan Rajendran. A coauthor on the new study, Rajendran likened chip manufacturers to the car industry, which has to issue recalls to fix security issues. Ideally, flaws are found before vehicles are rolled out to consumers in the first place.

Rajendran's work--to be presented at the Design, Automation and Test in Europe (DATE) conference--relies on a technique called "fuzzing," which, in this case, introduces commands and prompts to a chip that are not quite correct. They aren't complete nonsense, but they contain enough correct syntax to make the system behave erratically and unpredictably. Studying those erratic responses to "fuzzed" commands can then point researchers--or hackers--to potential weak links in the system.

This is why fuzzing is increasingly popular for hardware testing. It uncovers flaws by running the hardware with edge cases and unexpected inputs--like random data and machine instructions--to stress the system and see if something breaks. If the system does something unexpected, researchers zero in to determine if there is a security flaw that hackers could take advantage of.

"We do a comparison between the expectation of what the processor should do and the reality of what the processor is actually doing," says Rajendran.

These tests save time because they can be automated and executed multiple times during a product-development cycle, and performed in parallel with other engineering work. But researchers are still looking for ways to make hardware fuzzing techniques faster and more efficient. Currently, fuzzing algorithms employ a rigid strategy for selecting new random inputs. This rigidness slows down the process of discovering vulnerabilities because it doesn't take advantage of promising leads.

In this study, researchers used reinforcement learning to select inputs for fuzz testing. They adapted an algorithm used to solve the multi-armed bandit (MAB) problem--the dilemma of how to optimize rewards when faced with the choice of accepting known rewards or exploring rewards that may be greater or lower. In this case, the algorithm--called MABFuzz--is used to decide whether to try a new random input or stick with one that works well. Researchers found that MABFuzz achieved significant speedup in detecting vulnerabilities and covering the testing space.

Hardware vulnerabilities have attracted more attention recently because processors are increasingly complex and designed to optimize for performance, said Rajendran. That presents more places for security flaws to hide.

"When people design hardware, they do not think about security up front," he says. "They think about things like power, performance--but security is not their first design metric. And because of this, a lot of hardware vulnerabilities creep into the system."

Traditional hardware testing strategies mostly consist of manual testing by hardware security experts, but that strategy can't scale up to meet the needs of modern processors. Manual testing is time-consuming and expensive, and limited by the availability of security experts.

Automated hardware-testing techniques like fuzz testing aren't meant to replace manual testing by experts, Rajendran says.
Instead, it's a first line of defense that can readily uncover a large number of relatively easy-to-find vulnerabilities, he said. That frees up security experts' time to uncover the really tricky bugs that still require expertise to find.

Ahmad-Reza Sadeghi, professor of computer science at the Technical University of Darmstadt, who is a coauthor on the study, says improved security testing for hardware components will be important for the future of chip engineering. Strategies that can make the process of quickly uncovering vulnerabilities easier are needed for a healthy chip industry, just as supply chains and manufacturing capabilities are.

Tammy Xu is a freelance reporter based in Evanston, Illinois. She writes about energy, technology, and climate.
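
The two ideas described in the article, comparing a reference model against the design and letting a bandit decide which input to keep mutating, are shown here in an added Python example that is not MABFuzz or the researchers' code. The toy 8-bit ALU, its injected bug, the coverage buckets and the choice of the standard UCB1 bandit policy are all assumptions made for illustration.

```python
import math
import random

OPS = ("add", "sub", "and", "xor")

def ref_alu(op, a, b):
    """Golden reference model of a toy 8-bit ALU (constructed for this example)."""
    return {"add": a + b, "sub": a - b, "and": a & b, "xor": a ^ b}[op] & 0xFF

def dut_alu(op, a, b):
    """Design under test: the same ALU with one injected borrow bug (constructed)."""
    if op == "sub" and a < b and (b & 0x0F) == 0x0F:
        return (a - b - 1) & 0xFF
    return ref_alu(op, a, b)

def mutate(rng, seed):
    """Step to the next opcode, or flip one random bit of one operand."""
    op, a, b = seed
    k = rng.randrange(3)
    if k == 0:
        return (OPS[(OPS.index(op) + 1) % len(OPS)], a, b)
    bit = 1 << rng.randrange(8)
    return (op, a ^ bit, b) if k == 1 else (op, a, b ^ bit)

def ucb_pick(pulls, rewards, total):
    """UCB1: pull every arm once, then maximise mean reward + exploration bonus."""
    if 0 in pulls:
        return pulls.index(0)
    return max(range(len(pulls)), key=lambda i:
               rewards[i] / pulls[i] + math.sqrt(2 * math.log(total) / pulls[i]))

def fuzz(budget=2000, n_arms=8, rng_seed=1):
    rng = random.Random(rng_seed)
    arms = [(rng.choice(OPS), rng.randrange(256), rng.randrange(256))
            for _ in range(n_arms)]
    pulls, rewards = [0] * n_arms, [0.0] * n_arms   # one arm per seed input
    coverage, mismatches = set(), []
    for t in range(1, budget + 1):
        i = ucb_pick(pulls, rewards, t)
        op, a, b = test = mutate(rng, arms[i])
        if ref_alu(*test) != dut_alu(*test):      # expectation vs. reality
            mismatches.append(test)
        point = (op, a >> 4, b >> 4, a < b)       # coarse coverage bucket
        if point not in coverage:                 # promising lead: reward the arm
            coverage.add(point)
            rewards[i] += 1.0
            arms[i] = test                        # and keep mutating from here
        pulls[i] += 1
    return {"pulls": pulls, "coverage": len(coverage), "mismatches": mismatches}
```

Calling `fuzz()` returns how often each seed was chosen, how many coverage buckets were reached, and every input on which the two models disagreed; an arm whose mutants stop reaching new buckets sees its mean reward fall and is picked less often.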