Hardware plays a major role in our everyday life. Despite the technological thrive, there remain various security issues regarding hardware weaknesses that needed to be addressed carefully. Hence, an in-depth vision of the vulnerabilities that may exist in hardware design is delivered in this study by generating a network model that contains the most common weaknesses reported in common weakness enumeration (CWE). The main goal of the generated network is to deeply analyze the relations between different hardware designs and security weaknesses. Based on the conducted analysis, recommendations and suggestions are given to benefit many parties including hardware security developers. Accordingly, the analysis approach depends on different concepts that are inspired by the field of network science. The generated model is illustrated in a graph, wherein the nodes are the weaknesses, and the edges are created if two weaknesses have a relation to each other. Promising findings have been attained and can be observed in the given model. For instance, the weaknesses CWE-441, CWE-1189, CWE-276, and CWE-1304 have not been given enough attention by the CWE and should be highly considered by software developers. Moreover, a rank for the hardware vulnerabilities based on network metrics is provided and compared with the most recently announced list of top hardware weaknesses by CWE. It is found that only two weaknesses are in common between the two lists, which indicates that the CWE list does not highly consider the relations among the weaknesses.
Key words: Complex networks, CWE vulnerabilities, Data analysis, Hardware vulnerabilities
|