More than 99 percent of all microprocessors in use today are components of embedded systems, and their intrinsically insecure architecture leaves connected systems vulnerable to attack. The growing urgency of assuring security puts developers in a bind. The hardware driving connected platforms makes them vulnerable, but hardware security is costly and inflexible. Software security is flexible, but adding more layers of security software often just adds more exploitable bugs.
Experience developing highly secure embedded systems for government customers and custom processors enabled Draper to design a solution with the robustness of hardware and the flexibility of software. Draper’s Inherently Secure Processor (ISPTM) is a comprehensive solution—immune to many of the most common known vulnerabilities, including those in the top 25 items on the Common Weakness Enumeration list, and strong enough to resist zero-day attacks. Unlike software that targets particular, known exploits and requires frequent updates, ISP prevents entire classes of vulnerabilities and isn’t outdated when the next exploit comes out. With security policies that can be updated as needs change, ISP has the flexibility to protect its embedded system continuously from cradle to grave.
ISP is truly a “smart” chip; its design prevents it from blindly running vulnerable software. Unique metatags assigned to every memory word and register allow the processor to differentiate between instructions and malicious code. A parallel-running processor compares all tags against pre-installed rules, interrupting the application if malicious code violates a policy. Loaded at boot time, the security policies cannot be corrupted by potential attackers but can be improved and extended by developers as security needs change.
ISP avoids the common pitfall of sacrificing speed for increased security by using caches for acceptable combinations of instructions and associated metadata. The impact on performance rarely exceeds 5 percent. To ensure clean builds, free platform access and rapid integration, Draper’s solution is built atop the standard RISC-V Instruction Set Architecture (ISA) and is extendable to any RISC-based processor.
In designing ISP, engineers leveraged ideas from DARPA’s Clean-slate Resilient, Adaptive, Secure Hosts (CRASH) research program and Draper’s ability to design and prototype microprocessors. Draper continues to develop the ISP through a $9.8 million award under the DARPA System Security Integrated Through Hardware and Firmware (SSITH) program, as well as ongoing internal funding. Future improvements include scaling the technology to high-performance cores for high-computing applications such as artificial intelligence and autonomy, addressing the seven top-tier security classes with new micropolicies and ensuring incorruptible micropolicies with formal verification.