NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Metrics and Methodology for Hardware Security Constructs

Published

Author(s)

Sanjay Rekhi, Kostas Amberiadis, Abir Ahsan Akib, Ankur Srivastava

Abstract

Although hardware is commonly believed to be security-resilient, it is often susceptible to vulnerabilities arising from design and implementation flaws. These flaws have the potential to jeopardize not only the hardware's security, but also its operations and critical user information. In this investigation, we present a comprehensive methodology for assessing threats related to some of the most critical hardware weaknesses. The methodology evaluates various weaknesses and the attacks that can potentially exploit them, resulting in two key metrics: a threat metric, which quantifies the number of hardware weaknesses that an attack can exploit, and a sensitivity metric, which measures the number of distinct attacks that can target a hardware system with a specific weakness. These metrics and the accompanying analysis aim to guide security efforts and optimize the trade-offs between hardware security and associated costs.
Citation
NIST Cybersecurity White Papers (CSWP) - 45
Report Number
45
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.CSWP.45
Local Download

Keywords

CWE most important hardware weaknesses, CAPEC attack patterns, security metrics
Risk management, Electronics and Cybersecurity measurement

Citation

Rekhi, S. , Amberiadis, K. , Akib, A. and Srivastava, A. (2025), Metrics and Methodology for Hardware Security Constructs, NIST Cybersecurity White Papers (CSWP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.45, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=959315 (Accessed October 13, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created June 5, 2025, Updated July 1, 2025
Was this page helpful?