Security Enclave Architecture for Heterogeneous Security Primitives for Supply-Chain Attacks

• URL: http://arxiv.org/abs/2507.10971v1
• Date: Tue, 15 Jul 2025 04:28:02 GMT
• Title: Security Enclave Architecture for Heterogeneous Security Primitives for Supply-Chain Attacks
• Authors: Kshitij Raj, Atri Chatterjee, Patanjali SLPSK, Swarup Bhunia, Sandip Ray,
• Abstract summary: This paper explores the range of obstacles encountered when building a unified security architecture capable of addressing multiple attack vectors.<n>We present a thorough evaluation of its impact on silicon area and power consumption across various ASIC technologies.
• Score: 7.9837065464150685
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Designing secure architectures for system-on-chip (SoC) platforms is a highly intricate and time-intensive task, often requiring months of development and meticulous verification. Even minor architectural oversights can lead to critical vulnerabilities that undermine the security of the entire chip. In response to this challenge, we introduce CITADEL, a modular security framework aimed at streamlining the creation of robust security architectures for SoCs. CITADEL offers a configurable, plug-and-play subsystem composed of custom intellectual property (IP) blocks, enabling the construction of diverse security mechanisms tailored to specific threats. As a concrete demonstration, we instantiate CITADEL to defend against supply-chain threats, illustrating how the framework adapts to one of the most pressing concerns in hardware security. This paper explores the range of obstacles encountered when building a unified security architecture capable of addressing multiple attack vectors and presents CITADEL's strategies for overcoming them. Through several real-world case studies, we showcase the practical implementation of CITADEL and present a thorough evaluation of its impact on silicon area and power consumption across various ASIC technologies. Results indicate that CITADEL introduces only minimal resource overhead, making it a practical solution for enhancing SoC security.

Related papers

• Secure Tug-of-War (SecTOW): Iterative Defense-Attack Training with Reinforcement Learning for Multimodal Model Security [63.41350337821108]
  We propose Secure Tug-of-War (SecTOW) to enhance the security of multimodal large language models (MLLMs)<n>SecTOW consists of two modules: a defender and an auxiliary attacker, both trained iteratively using reinforcement learning (GRPO)<n>We show that SecTOW significantly improves security while preserving general performance.
  arXiv  Detail & Related papers  (2025-07-29T17:39:48Z)
• HSM and TPM Failures in Cloud: A Real-World Taxonomy and Emerging Defenses [0.0]
  This paper presents a comprehensive analysis of publicly disclosed attacks and breaches involving HSMs and TPMs in cloud environments.<n>We propose a taxonomy of attack vectors based on real-world case studies and threat intelligence reports, highlighting the gaps between hardware trust anchors and dynamic cloud ecosystems.<n>Our findings emphasize that securing cloud-based cryptographic trust requires a layered, context-aware approach.
  arXiv  Detail & Related papers  (2025-07-23T16:18:16Z)
• SAFER-D: A Self-Adaptive Security Framework for Distributed Computing Architectures [6.145115042061793]
  The rise of the Internet of Things and Cyber-Physical Systems has introduced new challenges on ensuring secure and robust communication.<n>We present our holistic self-adaptive security framework which combines different adaptation strategies to create comprehensive and efficient defense mechanisms.
  arXiv  Detail & Related papers  (2025-06-19T19:02:35Z)
• CyFence: Securing Cyber-Physical Controllers via Trusted Execution Environment [45.86654759872101]
  Cyber-physical systems (CPSs) have experienced a significant technological evolution and increased connectivity, at the cost of greater exposure to cyber-attacks.<n>We propose CyFence, a novel architecture that improves the resilience of closed-loop control systems against cyber-attacks by adding a semantic check.<n>We evaluate CyFence considering a real-world application, consisting of an active braking digital controller, demonstrating that it can mitigate different types of attacks with a negligible overhead.
  arXiv  Detail & Related papers  (2025-06-12T12:22:45Z)
• Modern Hardware Security: A Review of Attacks and Countermeasures [1.7265013728931]
  In this paper, we review the current state of vulnerabilities and mitigation strategies in contemporary computing systems.<n>We discuss cache side-channel attacks (including Spectre and Meltdown), power side-channel attacks (such as Simple Power Analysis), and advanced techniques like Voltage Glitching and Electromagnetic Analysis.<n>The paper concludes with an analysis of the RISC-V architecture's unique security challenges.
  arXiv  Detail & Related papers  (2025-01-08T10:14:19Z)
• ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• EARBench: Towards Evaluating Physical Risk Awareness for Task Planning of Foundation Model-based Embodied AI Agents [53.717918131568936]
  Embodied artificial intelligence (EAI) integrates advanced AI models into physical entities for real-world interaction.<n>Foundation models as the "brain" of EAI agents for high-level task planning have shown promising results.<n>However, the deployment of these agents in physical environments presents significant safety challenges.<n>This study introduces EARBench, a novel framework for automated physical risk assessment in EAI scenarios.
  arXiv  Detail & Related papers  (2024-08-08T13:19:37Z)
• SETC: A Vulnerability Telemetry Collection Framework [0.0]
  This paper introduces the Security Exploit Telemetry Collection (SETC) framework. SETC generates reproducible vulnerability exploit data at scale for robust defensive security research. This research enables scalable exploit data generation to drive innovations in threat modeling, detection methods, analysis techniques, and strategies.
  arXiv  Detail & Related papers  (2024-06-10T00:13:35Z)
• Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
  We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
  arXiv  Detail & Related papers  (2024-05-03T07:18:45Z)
• SISSA: Real-time Monitoring of Hardware Functional Safety and Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046]
  We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security. Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication. Extensive experimental results show the effectiveness and efficiency of SISSA.
  arXiv  Detail & Related papers  (2024-02-21T03:31:40Z)
• ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management [65.0114141380651]
  ThreatKG is an automated system for OSCTI gathering and management. It efficiently collects a large number of OSCTI reports from multiple sources. It uses specialized AI-based techniques to extract high-quality knowledge about various threat entities.
  arXiv  Detail & Related papers  (2022-12-20T16:13:59Z)
• GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security [5.918387680589584]
  Internet-of-Things (IoT) and cyber-physical systems (CPSs) may consist of thousands of devices connected in a complex network topology. We describe a comprehensive risk management system, called GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors.
  arXiv  Detail & Related papers  (2021-05-31T19:35:23Z)
• Constraints Satisfiability Driven Reinforcement Learning for Autonomous Cyber Defense [7.321728608775741]
  We present a new hybrid autonomous agent architecture that aims to optimize and verify defense policies of reinforcement learning (RL) We use constraints verification (using satisfiability modulo theory (SMT)) to steer the RL decision-making toward safe and effective actions. Our evaluation of the presented approach in a simulated CPS environment shows that the agent learns the optimal policy fast and defeats diversified attack strategies in 99% cases.
  arXiv  Detail & Related papers  (2021-04-19T01:08:30Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.