Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Composable Security: The Challenge of Security Models That Can Span from the Silicon to Software and Systems

March 2, 2022


Jeremy Bellay - Battelle Memorial Institute


Cybersecurity, by its nature, is a complex and continuously evolving field. Recently, understanding of the supply chain’s role in security has received new emphasis due to the high-profile Solar Winds attack, and the increasing movement of state-of-the-art silicon manufacturing off American shores. This raises the question of how we integrate security models used at the factory or by the supplier with security assessment estimates that are required later in the lifecycle and at the system level. In this talk we review the resources currently available to describe cyber vulnerabilities and weaknesses in hardware, software, and systems. We then look at what is required to characterize vulnerabilities in hardware and software components, compound components, and systems.  Finally we describe how this infrastructure could support the goal of security models that are composable and meaningful across the abstractions and contexts of real systems.


Created April 27, 2022