Security is a full-system property. All components in a system, including the hardware, should be secured to create a trustworthy system. While software attacks and defenses have received much attention for decades, the dangers of hardware vulnerabilities have only recently been given serious attention. There is considerable concern that malicious designs can be produced. Additionally, once designs are sent for manufacturing, adversaries may modify the manufacturing blueprint to include malicious circuits that can exfiltrate sensitive information or cause the design to fail in unexpected ways.
Companies buying intellectual property (such as encryption devices, USB or SATA controllers) from third-party vendors to integrate them into their designs worry that these third-party components may have embedded backdoors. These backdoors may exist in the source code and be turned on after deployment to siphon off secrets, or to perform other malicious activities. Backdoors injected by the foundry, such as erroneous dopant levels, can cause malicious payloads, such as poor quality pseudo-random numbers. An advantage of foundry-level attack is that there is little oversight over the manufacturing process. Both the design and manufacturing of hardware pose security risks, which, if unmitigated, impair the ability to create and protect systems.