loading page

CRESS: Framework for Vulnerability Assessment of Attack Scenarios in Hardware Reverse Engineering
  • +1
  • Matthias Ludwig ,
  • Alexander Hepp ,
  • Michaela Brunner ,
  • Johanna Baehr
Matthias Ludwig
Infineon Technologies AG, Infineon Technologies AG

Corresponding Author:[email protected]

Author Profile
Alexander Hepp
Author Profile
Michaela Brunner
Author Profile
Johanna Baehr
Author Profile


Trust and security of microelectronic systems are a major driver for game-changing trends like autonomous driving or the internet of things. These trends are endangered by threats like soft- and hardware attacks or IP tampering – wherein often hardware reverse engineering (RE) is involved for efficient attack planning. The constant publication of new RE-related scenarios and countermeasures renders a profound rating of these extremely difficult. Researchers and practitioners have no tools or framework which aid a common, consistent classification of these scenarios. In this work, this rating framework is introduced: the common reverse engineering scoring system (CRESS). The framework allows a general classification of published settings and renders them comparable. We introduce three metrics: exploitability, impact, and a timestamp. For these metrics, attributes are defined which allow a granular assessment of RE on the one hand, and attack requirements, consequences, and potential remediation strategies on the other. The system is demonstrated in detail via five case studies and common implications are discussed. We anticipate CRESS to evaluate possible vulnerabilities and to safeguard targets more proactively.