C. Warren Axelrod

Software Begat Hardware Begat Software Begat …

I happened to be browsing through some magazines at a newsstand when I came across the August 2010 issue of Scientific American and noticed that they were featuring an article by John Villasenor about “The Hacker in Your Hardware.”

I found the description of what the author believes to be the predominant form of hardware hacks to be most interesting, particularly as, seemingly, the miscreants attack software used to instruct chip-manufacturing machines producing integrated circuits, rather than modifying physical components to the circuitry. So really it’s the software after all.

What was particularly exciting for me was that Villasenor raised two software engineering issues about which I have been harping for some time: first, what I call “functional security testing,” and second the need to write instrumentation into software code to be able to monitor, report and respond to activities buried within an application.

Regarding the former, Villasenor states that “… chipmakers will have to test their models [of chip functionality] against every possible trigger to ensure that the hardware is clean.. He goes on to say that such an approach “… is simply not possible—the universe of possible triggers is far too large.” From this he concludes that “…[c]ompanies test as best they can, even though this necessarily means testing only a small percentage of possible inputs.” Hallelujah! Finally someone else has expressed the problem, which I have been expressing in various forums, and suggests a practical approach to resolving the issue of testing that software does not do functionally what it is not supposed to. I have been saying for some time that the combinations and permutations of potential inputs are too numerous for universal testing and that some statistical sampling approach must be taken so as to test a subset of cases and extrapolate to the entire population of cases.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*