Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Metrics and Methodology for Hardware Security Constructs

Published

Author(s)

Sanjay Rekhi, Kostas Amberiadis

Abstract

Although hardware is commonly believed to be security-resilient, it is often susceptible to vulnerabilities arising from design and implementation flaws. These flaws have the potential to jeopardize not only the hardware's security, but also its operations and critical user information. In this investigation, we present a comprehensive methodology for assessing threats related to some of the most critical hardware weaknesses. The methodology evaluates various weaknesses and the attacks that can potentially exploit them, resulting in two key metrics: a threat metric, which quantifies the number of hardware weaknesses that an attack can exploit, and a sensitivity metric, which measures the number of distinct attacks that can target a hardware system with a specific weakness. These metrics and the accompanying analysis aim to guide security efforts and optimize the trade-offs between hardware security and associated costs.
Citation
NIST Cybersecurity White Papers (CSWP) - 45
Report Number
45

Keywords

CWE most important hardware weaknesses, CAPEC attack patterns, security metrics

Citation

Rekhi, S. and Amberiadis, K. (2025), Metrics and Methodology for Hardware Security Constructs, NIST Cybersecurity White Papers (CSWP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.45, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=959315 (Accessed June 7, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created June 5, 2025
Was this page helpful?