Chapter 2 Security Rule Check

With the emergence of information technology and its critical role in our daily lives, the risk of cyber attacks is larger than ever before. Many security systems or devices have critical assurance requirement. Their failure may endanger human life and environment, cause serious damage to critical infrastructure, hinder personal privacy, and undermine the viability of whole business sectors. Even the perception that a system is more vulnerable than it really is (e.g., paying with a credit card over the Internet) can significantly impede economic development. The defense against intrusion and unauthorized use of resources with software has gained significant attention in the past. Security technologies, including antivirus, firewall, virtualization, cryptographic software, and security protocols, have been developed to make systems more secure. While the battle between software developers and hackers has raged since the 1980s, the underlying hardware was generally considered safe and secure. However, in the last decade or so, the battlefield has expanded to hardware domain, since emerging attacks on hardware are shown to be more effective and efficient than traditional software attacks in some aspects. For example, while the cryptographic algorithms have been improved and become extremely difficult (if not impossible) to break mathematically, their implementations are often not. It has been demonstrated that the security of cryptosystems, system on chips (SoCs), and microprocessor circuits can be compromised using timing analysis attacks [1], power analysis