Modern systems-on-chip (SoCs) implement many security features to protect assets such as end-user data, keys, fuses and OEM assets. As the number of hardware security features, and of attacks against them, keeps growing, functional validation of these features alone is proving inadequate. Functional validation ensures that the product behaves correctly on its intended inputs; security validation makes the product more secure and robust by evaluating features with security implications, analyzing the security impact and business risk of the bugs/vulnerabilities that are discovered, and verifying that the fixes are effective.
In this tutorial, using a generic System on Chip (SoC) as an example, we describe a security assurance methodology, present some recent research results, and discuss some open problems for the hardware security community. The focus areas of the tutorial are based in part on lessons learned from security evaluations performed on commercial (Intel) products, as well as on our own expertise. The tutorial is organized as follows:
Part I (Security Architecture): To lay the foundation for the security assurance process, we describe general security architecture features such as access control, isolation and cryptographic primitives using a simple, generic SoC architecture. We describe the security objectives and security requirements of this SoC, together with the adversary model and the threat model under consideration.
Part II (Common HW Security Vulnerabilities): We describe the concepts of vulnerability analysis and work through the severity assessment of some example hardware and firmware vulnerabilities. We suggest a generic classification of hardware security vulnerabilities and the common mitigation techniques for each class.
Part III (Methodology for SoC Validation): We describe our methodology and best known methods for SoC security validation. We first show how SoC security requirements are translated into specific validation objectives. We will then discuss tools and techniques -- such as randomized testing and formal/semi-formal methods for information-flow verification -- that can be used to ensure these objectives are met by the SoC. We will conclude with a discussion of open research challenges in SoC security validation.
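The step from a security requirement to a checkable validation objective, and the two techniques named above (randomized testing and information-flow checking), can be illustrated on a toy model. The following is an added example written for this page; it is not code from the tutorial or from any Intel product. Everything in it is assumed: the register names, the access-control matrix, the per-initiator clearance sets, the rule that the crypto engine's output is a declassification point (ciphertext does not carry the key's taint), and the behaviour that a debug unlock widens the debug port's access. The requirement "the fuse-derived key must never be observable from the debug port" becomes the invariant "on every read, the taint of the register minus the reader's clearance is empty"; a hand-written scenario and a randomized search both drive the model against that invariant.

```python
"""Toy information-flow check over a generic SoC model (constructed illustration).

Every storage location carries a taint set: the secret assets whose data has
flowed into it. A requirement such as "the fuse key is never observable from
the debug port" becomes a validation objective checked on every read.
"""
import random

# Which secret assets each initiator is cleared to observe (assumed policy).
CLEARANCE = {"rom_fw": {"fuse_key"}, "crypto_engine": {"fuse_key"},
             "os": set(), "debug_port": set()}


class Soc:
    def __init__(self):
        # register -> set of secret assets whose data has flowed into it
        self.taint = {"fuse_key_reg": {"fuse_key"}, "key_slot": set(),
                      "data_in": set(), "data_out": set(), "status": set()}
        self.debug_unlocked = False
        self.violations = []   # (initiator, register, leaked assets)

    def readable(self, who):
        """Access-control matrix: registers each initiator may read (assumed)."""
        acl = {"rom_fw": {"fuse_key_reg", "key_slot"},
               "crypto_engine": {"key_slot", "data_in"},
               "os": {"data_out", "status"},
               "debug_port": {"status", "data_out"}}
        allowed = set(acl[who])
        if who == "debug_port" and self.debug_unlocked:
            allowed |= {"key_slot", "data_in"}   # unlock widens debug access (assumed)
        return allowed

    def read(self, who, reg):
        """A read is an observation: enforce the ACL, then the information-flow rule."""
        if reg not in self.readable(who):
            return False                          # denied by access control
        leaked = self.taint[reg] - CLEARANCE[who]
        if leaked:
            self.violations.append((who, reg, frozenset(leaked)))
        return True

    def step(self, op):
        kind, *args = op
        if kind == "load_key":                    # ROM firmware provisions the key slot
            if self.read("rom_fw", "fuse_key_reg"):
                self.taint["key_slot"] |= self.taint["fuse_key_reg"]
        elif kind == "encrypt":                   # engine consumes key + data, emits ciphertext
            if self.read("crypto_engine", "key_slot") and self.read("crypto_engine", "data_in"):
                # Declassification point (assumption): ciphertext carries no key taint.
                self.taint["data_out"] = set(self.taint["data_in"])
        elif kind == "os_read_out":
            self.read("os", "data_out")
        elif kind == "debug_unlock":              # args[0]: does hardware scrub the slot first?
            if args[0]:
                self.taint["key_slot"] = set()    # mitigation: scrub before widening access
            self.debug_unlocked = True
        elif kind == "debug_read":
            self.read("debug_port", args[0])


def run(ops):
    """Execute a transaction sequence and return the list of flow violations."""
    soc = Soc()
    for op in ops:
        soc.step(op)
    return soc.violations


def fuzz(seed, rounds=200, length=8):
    """Randomized testing: random op sequences; return the first violating trace."""
    rng = random.Random(seed)
    choices = [("load_key",), ("encrypt",), ("os_read_out",),
               ("debug_unlock", False), ("debug_unlock", True),
               ("debug_read", "key_slot"), ("debug_read", "data_out")]
    for _ in range(rounds):
        trace = [rng.choice(choices) for _ in range(length)]
        if run(trace):
            return trace
    return None


if __name__ == "__main__":
    print("clean flow:", run([("load_key",), ("encrypt",), ("os_read_out",)]))
    print("unscrubbed unlock:", run([("load_key",), ("debug_unlock", False),
                                     ("debug_read", "key_slot")]))
    print("random trace found:", fuzz(seed=1))
```

Two points the model makes that the abstract does not spell out: the check needs an explicit declassification rule at the crypto engine, otherwise every ciphertext read by the OS would be flagged and the objective would be unusable; and the scrub-on-unlock mitigation only holds if the key cannot be re-provisioned while the debug port is already unlocked, a sequencing case the randomized search tends to find even though the hand-written scenario passes.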
The topics covered are generally applicable to all SoC products. Through this tutorial, we are looking to engage with security researchers from academia and industry and hope this will eventually lead to the development of improved security validation techniques and best practices.
DAC is the premier conference devoted to the design and automation of electronic systems (EDA), embedded systems and software (ESS), and intellectual property (IP).
DAC 2017 will be held in Austin, Texas, at the Austin Convention Center.