{"title":"硬件安全风险评估:一个案例研究","authors":"Brent Sherman, David M. Wheeler","doi":"10.1109/HST.2016.7495579","DOIUrl":null,"url":null,"abstract":"The security demands on development teams are growing in direct proportion to the security incidents discovered and leveraged in computer crime and cyber warfare every day. There is ongoing research to increase the effectiveness of security defect detection and penetration testing of products, but where the literature is thin, is in actual case studies that apply security assurance processes in a large-scale hardware-centric environment. This paper adds to the literature by providing an actual case study of hardware security assurance practices using a sample size of 151 projects. Furthermore, it documents and analyzes the efficacy of deploying selective automation using quantitative weighted risk ratings of the Security Development Lifecycle (SDL) to hardware projects, including strategic reuse of existing SDL collaterals for derivative projects. The evaluated methodology provided acceptable accuracy and labor savings, but the results indicate that automation focusing on assignment of a quantitative risk scoring introduces a dilution of real security concerns; instead, an approach using qualitative analysis and assignment of security assurance tasks is more beneficial.","PeriodicalId":194799,"journal":{"name":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Hardware security risk assessment: A case study\",\"authors\":\"Brent Sherman, David M. Wheeler\",\"doi\":\"10.1109/HST.2016.7495579\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The security demands on development teams are growing in direct proportion to the security incidents discovered and leveraged in computer crime and cyber warfare every day. There is ongoing research to increase the effectiveness of security defect detection and penetration testing of products, but where the literature is thin, is in actual case studies that apply security assurance processes in a large-scale hardware-centric environment. This paper adds to the literature by providing an actual case study of hardware security assurance practices using a sample size of 151 projects. Furthermore, it documents and analyzes the efficacy of deploying selective automation using quantitative weighted risk ratings of the Security Development Lifecycle (SDL) to hardware projects, including strategic reuse of existing SDL collaterals for derivative projects. The evaluated methodology provided acceptable accuracy and labor savings, but the results indicate that automation focusing on assignment of a quantitative risk scoring introduces a dilution of real security concerns; instead, an approach using qualitative analysis and assignment of security assurance tasks is more beneficial.\",\"PeriodicalId\":194799,\"journal\":{\"name\":\"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-05-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HST.2016.7495579\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2016.7495579","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The security demands on development teams are growing in direct proportion to the security incidents discovered and leveraged in computer crime and cyber warfare every day. There is ongoing research to increase the effectiveness of security defect detection and penetration testing of products, but where the literature is thin, is in actual case studies that apply security assurance processes in a large-scale hardware-centric environment. This paper adds to the literature by providing an actual case study of hardware security assurance practices using a sample size of 151 projects. Furthermore, it documents and analyzes the efficacy of deploying selective automation using quantitative weighted risk ratings of the Security Development Lifecycle (SDL) to hardware projects, including strategic reuse of existing SDL collaterals for derivative projects. The evaluated methodology provided acceptable accuracy and labor savings, but the results indicate that automation focusing on assignment of a quantitative risk scoring introduces a dilution of real security concerns; instead, an approach using qualitative analysis and assignment of security assurance tasks is more beneficial.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
