Abstract
With the increasing design and validation complexity of an SoC, coupled with reduced time-to-market constraints, designers have typically integrated pre-qualified third-party Intellectual Property (IP) cores to achieve the necessary design productivity. However, many of these IP blocks are designed in different parts of the world, in relatively less trustworthy ecosystems and environments. This increases the risk of unintentional vulnerabilities, malicious modifications, and/or covert backdoors percolating into the underlying hardware logic or the associated firmware of the corresponding IP cores. These may affect the other SoC components, causing system failures at key points of execution or leaking confidential information back to potential adversaries. The usual directed/random tests, aimed mainly at functional/parametric failures, and the existing static IP-trust verification techniques are mostly incapable of ensuring adequate security coverage against this threat model. Run-time monitoring for potentially undependable or devious behavior is necessary to ensure the security of SoC operations in the presence of untrustworthy IP cores. In modern SoC design practice, system-level security policies protect the SoC assets/resources from unauthorized access. Systematic implementation of these policies typically involves smart wrappers that extract local security-critical events of interest from IP blocks, together with a central control engine that communicates with the wrappers to analyze the events for policy adherence. In this paper, apart from an in-depth discussion of the potential effects of untrustworthy IPs on SoC operation, we propose active, run-time SoC protection against this threat through appropriately fine-grained (in time) security policies implemented in the above-mentioned infrastructure.
The policy architecture framework is accordingly enhanced with features based on monitoring IP-to-IP communication at interfaces, correlating micro-architecture-internal events, and using multiple independent sources for security event verification, to provide support for these fine-grained policies. The design of this hardware support across different IP types is discussed in detail in the paper. Finally, using a representative SoC model, we implement the proposed security techniques in the policy architecture framework to verify their effectiveness for different untrusted-IP use cases. The estimated hardware overhead is moderate for the protection obtained.
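To make the wrapper/central-engine architecture concrete, the following is an added behavioral model (not code from the chapter or its authors): wrappers on a boot controller, a bus interface and a memory controller report timestamped events, and the central engine corroborates each bus transaction across the two independent observers before checking it against a phase-dependent policy. The IP names (`CRYPTO`, `DMA`), the `KEY_MEM` asset, the phase names and the trace itself are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    cycle: int    # cycle at which the wrapper observed the event
    source: str   # reporting wrapper: "boot_ctrl", "bus_if" or "mem_ctrl" (hypothetical)
    kind: str     # "phase" (execution phase change) or "access" (bus transaction)
    detail: str   # phase name, or "INITIATOR->TARGET" for an access

def access_allowed(initiator, target, phase):
    """Hypothetical fine-grained policy: only CRYPTO may touch KEY_MEM, and only in key_load."""
    if target != "KEY_MEM":
        return True
    return initiator == "CRYPTO" and phase == "key_load"

def evaluate(events, skew=2):
    """Central engine: corroborate each access across the initiator-side bus wrapper and the
    memory-controller wrapper (within `skew` cycles), then apply the current-phase policy."""
    phase = "boot"
    pending = defaultdict(list)   # (initiator, target, observer) -> cycles seen by that observer only
    violations = []
    for ev in sorted(events, key=lambda e: e.cycle):
        if ev.kind == "phase":
            phase = ev.detail
            continue
        initiator, target = ev.detail.split("->")
        other = "mem_ctrl" if ev.source == "bus_if" else "bus_if"
        cands = pending[(initiator, target, other)]
        idx = next((i for i, c in enumerate(cands) if ev.cycle - c <= skew), None)
        if idx is None:
            pending[(initiator, target, ev.source)].append(ev.cycle)
            continue
        cands.pop(idx)   # both independent observers agree the transaction happened
        if not access_allowed(initiator, target, phase):
            violations.append((ev.cycle, f"{initiator} touched {target} during {phase}"))
    # A transaction seen by only one observer means one path hid or fabricated it.
    for (initiator, target, src), cycles in pending.items():
        for c in cycles:
            violations.append((c, f"{initiator}->{target} reported only by {src}"))
    return sorted(violations)

# Constructed trace: a legitimate key load, a run-time DMA access to the key memory,
# and a memory-side access the bus-interface wrapper never reported.
TRACE = [
    Event(0, "boot_ctrl", "phase", "key_load"),
    Event(3, "bus_if", "access", "CRYPTO->KEY_MEM"), Event(4, "mem_ctrl", "access", "CRYPTO->KEY_MEM"),
    Event(10, "boot_ctrl", "phase", "runtime"),
    Event(12, "bus_if", "access", "DMA->KEY_MEM"), Event(12, "mem_ctrl", "access", "DMA->KEY_MEM"),
    Event(20, "mem_ctrl", "access", "CRYPTO->KEY_MEM"),
]

if __name__ == "__main__":
    print(*evaluate(TRACE), sep="\n")
```

Tightening `skew` to 0 makes the legitimate cycle-3/4 pair fail corroboration as well, which shows why the skew bound has to match the real interconnect latency between the two observation points.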
© 2019 Springer International Publishing AG, part of Springer Nature
Ray, S., Basak, A., Bhunia, S. (2019). Security Assurance in SoC in the Presence of Untrusted Components. In: Security Policy in System-on-Chip Designs. Springer, Cham. https://doi.org/10.1007/978-3-319-93464-8_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93463-1
Online ISBN: 978-3-319-93464-8