Dark Mode
Capec-671 Detail
Requirements for ASIC Functionality Maliciously Altered
Detailed Supply Chain Hardware Likelihood: Low Typical Severity: High
Parents: 447
An adversary with access to functional requirements for an application specific integrated circuit (ASIC), a chip designed/customized for a singular particular use, maliciously alters requirements derived from originating capability needs. In the chip manufacturing process, requirements drive the chip design which, when the chip is fully manufactured, could result in an ASIC which may not meet the user’s needs, contain malicious functionality, or exhibit other anomalous behaviors thereby affecting the intended use of the ASIC.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-671 | capec | https://capec.mitre.org/data/definitions/671.html | |
| T1195.003 | ATTACK | https://attack.mitre.org/wiki/Technique/T1195/003 | Supply Chain Compromise: Compromise Hardware Supply Chain |
| REF-439 | reference_from_CAPEC | http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf | John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation |
Not present
- An adversary would need to have access to a foundry’s or chip maker’s requirements management system that stores customer requirements for ASICs, requirements upon which the design of the ASIC is based.
Not present
| High |
|---|
| An adversary would need experience in designing chips based on functional requirements in order to manipulate requirements in such a way that deviations would not be detected in subsequent stages of ASIC manufacture and where intended malicious functionality would be available to the adversary once integrated into a system and fielded. |
| Integrity |
|---|
| Alter Execution Logic |
- An adversary with access to ASIC functionality requirements for various customers, targets a particular customer’s ordered lot of ASICs by altering its functional requirements such that the ASIC design will result in a manufactured chip that does not meet the customer’s capability needs.