The Defense Advanced Research Projects Agency wants to test the proposition that more secure software starts with more secure hardware.

DARPA's new System Security Integrated Through Hardware and Firmware, or SSITH, program aims to tackle software security at the hardware level, according to a DARPA news release.

"Security for electronic systems has been left up to software until now, but the overall confidence in this approach is summed up in the sardonic description of this standard practice as 'patch and pray,' " said SSITH program manager Linton Salmon of the agency's Microsystems Technology Office.

SSITH focuses on seven classes of hardware vulnerabilities listed in the Common Weakness Enumeration, a crowd-sourced compendium of security issues. These classes are: permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection.

Removing these hardware weaknesses "would effectively close down more than 40 percent of the software doors intruders now have available to them," Salmon said.
