• Computer scientists from the University of Kaiserslautern have invented a new algorithm to identify potential flaws in electronic chips.
  • It would analyze problems associated with design decisions at a microarchitectural level.

A new algorithm has been developed to find security bugs in computer chips before they hit the market. The algorithm, known as Unique Program Execution Checking (UPEC), is the brainchild of a group of researchers from the TU Kaiserslautern, Germany. According to the team’s key member Wolfgang Kunz, UPEC lets chip designers identify security flaws in the microarchitecture before they are manufactured on a large-scale.

Worth noting

  • UPEC was designed to analyze security holes in high-end processors as well as those existing in IoT devices.
  • The algorithm considers almost every possible application that can be run on processors. This way it could reveal any flaw associated in new designs.
  • UPEC analyzes flaws that stem from microarchitectures which can be exploited to create covert channels.
  • In order to test the algorithm, the researchers made use of open-source chip designs and discovered a number of unique flaws.

‘Orc’ attack

Kunz, who is the lead Professor - Chair of Electronic Design Automation at TU Kaiserslautern, told Help Net Security that UPEC can effectively remediate what they call the ‘Orc’ attack. This attack is predominantly used to target IoT devices.

“Theoretically, a hacker could use an Orc attack to assume control of an autonomous vehicle or to commandeer networked computers on the Internet-of-Things,” said another team member Subhashish Mitra, who is a Professor in the Department of Electrical Engineering and Computer Science at Stanford University.

Positive developments

UPEC is claimed to be easy to use for chip designers. Moreover, the algorithm has seen positive results for processors of medium complexity. Research on high-end processors is still ongoing and is expected to come out in the future. Overall, UPEC aims to prevent hardware security attacks in a much more proactive way.

Cyware Publisher