Hi All,
NSA just published DoD Microelectronics: Field Programmable Gate Array Best Practices – Threat Catalog.
This report categorizes and catalogs hardware assurance threats that apply to field programmable gate arrays (FPGA) as described in the Joint Federated Assurance Center (JFAC) FPGA Levels of Assurance (LoA) document. This report does not list all technical methods an attacker might employ, but rather it identifies categories where common mitigation strategies and approaches will be necessary. These threats originate from an adversary, are malicious, and compromise the operation of an FPGA-based system by:
Modifying intended behavior
Adding extraneous new behaviors
Impeding or preventing operation
Degrading operation or reliability
Making use of known vulnerabilities in specific FPGA devices
This report can be used to better understand how JFAC selected its FPGA best practices and to understand the threats that require mitigation using alternative approaches.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
------------------------------