An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Metrics and Methodology for Hardware Security Constructs
Published
Author(s)
Sanjay Rekhi, Kostas Amberiadis
Abstract
Although hardware is commonly believed to be security-resilient, it is often susceptible to vulnerabilities arising from design and implementation flaws. These flaws have the potential to jeopardize not only the hardware's security, but also its operations and critical user information. In this investigation, we present a comprehensive methodology for assessing threats related to some of the most critical hardware weaknesses. The methodology evaluates various weaknesses and the attacks that can potentially exploit them, resulting in two key metrics: a threat metric, which quantifies the number of hardware weaknesses that an attack can exploit, and a sensitivity metric, which measures the number of distinct attacks that can target a hardware system with a specific weakness. These metrics and the accompanying analysis aim to guide security efforts and optimize the trade-offs between hardware security and associated costs.
Rekhi, S.
and Amberiadis, K.
(2025),
Metrics and Methodology for Hardware Security Constructs, NIST Cybersecurity White Papers (CSWP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.45, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=959315
(Accessed June 8, 2025)