Hardware has been constantly augmented for security considerations since the advent of computers. There is also a common perception among computer users that hardware does a relatively better job on security assurance compared to software. Yet, the community has long lacked a comprehensive study to answer questions such as how hardware security support contributes to security, what kind of improvements have been introduced to improve such support and what its advantages/disadvantages are.

By generalizing various security goals, we taxonomize hardware security features and their security properties that can aid in securing program execution, considered as three aspects, i.e., state correctness, runtime protection and input/output protection. Based on this taxonomy, the survey systematically examines 1) the roles: how hardware is applied to achieve security; and 2) the problems: how reported attacks have exploited certain defects in hardware. We see that hardware’s unique advantages and problems co-exist and it highly depends on the desired security purpose as to which type to use. Among the survey findings are also that code as part of hardware (aka. firmware) should be treated differently to ensure security by design; and how research proposals have driven the advancement of commodity hardware features.

自计算机出现以来，出于安全考虑，硬件不断增强。计算机用户还普遍认为，与软件相比，硬件在安全保障方面做得相对更好。然而，社区长期以来缺乏全面的研究来回答诸如硬件安全支持如何有助于安全、引入了哪些改进来改进这种支持以及其优点/缺点等问题。

通过概括各种安全目标，我们对有助于保护程序执行的硬件安全功能及其安全属性进行分类，将其视为三个方面，即状态正确性、运行时保护和输入/输出保护。基于这种分类法，调查系统地研究了 1) 角色：如何应用硬件来实现安全； 2) 问题：报告的攻击如何利用硬件中的某些缺陷。我们看到硬件的独特优势和问题并存，并且它在很大程度上取决于所需的安全目的，即使用哪种类型。调查结果还包括，作为硬件（又名固件）一部分的代码应区别对待，以确保设计的安全性；以及研究提案如何推动商品硬件功能的进步。