CRESS: Framework for Vulnerability Assessment of Attack Scenarios in
Hardware Reverse Engineering
Abstract
Trust and security of microelectronic systems are a major driver for
game-changing trends like autonomous driving or the internet of things.
These trends are endangered by threats like soft- and hardware attacks
or IP tampering – wherein often hardware reverse engineering (RE) is
involved for efficient attack planning. The constant publication of new
RE-related scenarios and countermeasures renders a profound rating of
these extremely difficult. Researchers and practitioners have no tools
or framework which aid a common, consistent classification of these
scenarios. In this work, this rating framework is introduced: the common
reverse engineering scoring system (CRESS). The framework allows a
general classification of published settings and renders them
comparable. We introduce three metrics: exploitability, impact, and a
timestamp. For these metrics, attributes are defined which allow a
granular assessment of RE on the one hand, and attack requirements,
consequences, and potential remediation strategies on the other. The
system is demonstrated in detail via five case studies and common
implications are discussed. We anticipate CRESS to evaluate possible
vulnerabilities and to safeguard targets more proactively.