[s-t] needle in haystack digest #3 (fwd from Nick.Barnes at pobox.com)
Major Variola (ret)
mv at cdc.gov
Thu Nov 6 13:57:19 PST 2003
At 06:00 PM 11/6/03 +0100, Eugen Leitl wrote:
>I guess I didn't make myself clear. I wasn't hypothesizing an attack
>against a fab. I was saying that
The focus on Thomspon-trojaned tools and Chipworks-style reverse
engineering is silly.
There are plenty of folks who need green cards,
or whose relatives do, who have modify access to the CVS of the RTL
for a chip. That is the best way to add unauthorized "features"
--through a technically
competent insider.
Since the features are not in the spec, they won't be tested for. Sure,
you might have to
do some work after the chips are fielded --getting the trojaned system
to process
a certain string, wiretapping its response-- but the payoff can be huge.
More information about the Testlist
mailing list