
A Survey of Hardware Improvements to Secure Program Execution

Bibliographic Details
Published in: ACM computing surveys 2024-12, Vol.56 (12), p.1-37, Article 311
Main Authors: Zhao, Lianying; Shuang, He; Xu, Shengjie; Huang, Wei; Cui, Rongzhen; Bettadpur, Pushkar; Lie, David
Format: Article
Language: English
Description
Summary: Hardware has been constantly augmented for security considerations since the advent of computers. There is also a common perception among computer users that hardware does a relatively better job on security assurance compared with software. Yet, the community has long lacked a comprehensive study to answer questions such as how hardware security support contributes to security, what kind of improvements have been introduced to improve such support and what its advantages/disadvantages are. By generalizing various security goals, we taxonomize hardware security features and their security properties that can aid in securing program execution, considered as three aspects, i.e., state correctness, runtime protection and input/output protection. Based on this taxonomy, the survey systematically examines (1) the roles: how hardware is applied to achieve security; and (2) the problems: how reported attacks have exploited certain defects in hardware. We see that hardware’s unique advantages and problems co-exist and it highly depends on the desired security purpose as to which type to use. Among the survey findings are also that code as part of hardware (aka. firmware) should be treated differently to ensure security by design; and how research proposals have driven the advancement of commodity hardware features.
ISSN: 0360-0300, 1557-7341
DOI: 10.1145/3672392