Security Assurance Guidance for Third-Party IP. Sherman, B., Borza, M., Rosenberg, B., & Qi, C. Journal of Hardware and Systems Security, 1(1):38–55, March, 2017.
System OEMs are increasingly adopting the motto “Trust but verify” when it comes to their supply chains. After several public incidents in which trusted vendors unknowingly provided vulnerable components, OEMs are requesting evidence of security assurance before integrating components into their products. It can be problematic for semiconductor vendors to provide such evidence since their products often contain 3rd party components that are typically treated as black boxes. Moreover, asking 3rd party vendors to provide such evidence for their components is equally problematic due to the many integration unknowns and a lack of applicable literature on security assurance for standalone technologies. We address these issues by defining a security process and relationship between semiconductor vendors and trusted 3rd party component providers and a practical methodology to produce standardized quality security assurance evidence. We provide example applications of the methodology using several open source components.
@article{sherman_security_2017,
title = {Security {Assurance} {Guidance} for {Third}-{Party} {IP}},
volume = {1},
issn = {2509-3428, 2509-3436},
url = {http://link.springer.com/10.1007/s41635-017-0002-5},
doi = {10.1007/s41635-017-0002-5},
abstract = {System OEMs are increasingly adopting the motto “Trust but verify” when it comes to their supply chains. After several public incidents in which trusted vendors unknowingly provided vulnerable components, OEMs are requesting evidence of security assurance before integrating components into their products. It can be problematic for semiconductor vendors to provide such evidence since their products often contain 3rd party components that are typically treated as black boxes. Moreover, asking 3rd party vendors to provide such evidence for their components is equally problematic due to the many integration unknowns and a lack of applicable literature on security assurance for standalone technologies. We address these issues by defining a security process and relationship between semiconductor vendors and trusted 3rd party component providers and a practical methodology to produce standardized quality security assurance evidence. We provide example applications of the methodology using several open source components.},
language = {en},
number = {1},
urldate = {2020-03-05},
journal = {Journal of Hardware and Systems Security},
author = {Sherman, Brent and Borza, Mike and Rosenberg, Brian and Qi, Charles},
month = mar,
year = {2017},
pages = {38--55},
}