Fault Evaluation for Security-Critical Communications Devices

Abstract

Communications devices for government or military applications must keep data secure, even when their electronic components fail. Combining information flow and risk analyses could make fault-mode evaluations for such devices more efficient and cost-effective. Conducting high-grade information security evaluations for computer communications devices is intellectually challenging, time-consuming, costly, and error prone. We believe that our structured approach can reveal potential fault modes because it simplifies evaluating a device's logical design and physical construction. By combining information-flow and risk-analysis techniques, evaluators can use the process to produce a thorough and transparent security argument. In other work, we have applied static analysis techniques to the evaluation problem, treating a device's schematic circuitry diagram as an information flow graph. This work shows how to trace information flow in different operating modes by representing connectivity between components as being conditional on specific device states. We have also developed a way to define the security-critical region of components with particular security significance by identifying components that lie on a path from a high-security data source to a low-security sink. Finally, to make these concepts practical, we have implemented them in an interactive analysis tool that reads schematic diagrams written in the very high speed integrated circuit (VHSIC) hardware description language.