BESSPIN (Balancing Evaluation of System Security Properties with Industrial Needs)

Funded by DARPA’s SSITH program, BESSPIN aims to develop tools and methodologies that enable provable hardware security

The goal of DARPA’s System Security Integrated through Hardware and Firmware (SSITH) program is to develop hardware design tools that provide security against hardware vulnerabilities that are exploited through software in DoD and commercial electronic systems. BESSPIN aims to provide a way to measure the effectiveness of such protection.

BESSPIN aims to develop:

(i) a set of quantitative metrics that would support practical measurement of security property compliance, enabling objective trade-offs between security and other system properties;

(ii) a framework in which security architectures and their properties could be expressed and reasoned about, both at the abstract (model) level and the concrete (product) level; and

(iii) a methodology in which metrics would drive decision-making during the design of secure systems, particularly with regard to making informed, evidence-based hardware and firmware design trade-offs among security and other characteristics such as performance, power, and area.

Initially, the goal of BESSPIN is to be applied to Government Furnished Equipment (GFE) that is provided to SSITH TA-1 performers, and then to the artifacts that other SSITH performers develop. BESSPIN’s innovation and impact will be assessed using several objective project metrics, based on results from both our own testing and the direct use of, and feedback about, our metrics and tools. In addition, a number of companies from industry aim to provide input and to evaluate our work as part of BESSPIN’s Industrial Advisory Board.

BESSPIN is a Galois-led project that also includes our partners Bluespec and lowRISC CIC.