An Adaptable System-on-Chip Security Architecture for Internet of Things Applications

  • Atul Prasad Deb Nath
  • Tamzidul Hoque
  • Sandip Ray
  • Swarup Bhunia
Part of the Internet of Things book series (ITTCC)


Modern-day System-on-Chip (SoC) security architectures designed for smart connected devices, such as Internet of Things (IoT) and automotive applications, are often constrained by two crucial design aspects: in-field configuration and low overhead. Because of these restrictions, it is extremely difficult to develop a robust and adaptable architecture for SoC security policies in IoT and automotive platforms. Security policies, on the other hand, are of critical significance, as they implement the confidentiality, integrity, and availability requirements of diverse on-chip security assets. Over the complex and often long life of a system, security requirements evolve, giving rise to the need to adapt security policies. Existing SoC architectures and design flows do not provide the flexibility to easily adapt SoC security policies to emerging threats or security requirements. To address these design constraints and the resulting limitations, this work proposes a novel security architecture and CAD flow for efficient implementation of diverse security policies. The adaptable architecture and associated CAD flow enable hardware patching through a reconfigurable security policy engine that can be seamlessly and securely upgraded in-field to address unanticipated attacks and accommodate new security requirements. The proposed security framework is built from three primary building blocks. First, a centralized Reconfigurable Security Policy Engine (RSPE) is introduced to implement and upgrade policies in-field without comprehensive changes to the architecture. Second, a set of smart security wrappers is developed to extract security-critical event information efficiently and avoid communication bottlenecks. Third, the on-chip debug instrumentation, i.e., the Design-for-Debug (DfD) infrastructure, is employed with minimal modification to give extensive access to an arbitrary number of signals of the SoC.
A suitable CAD framework is also proposed along with the architecture to systematically implement diverse security policies. Analysis of the results shows that the architecture provides a high level of adaptability with minimal overhead in terms of power, area, energy, and performance. Hence, the security architecture is well suited to SoCs in IoT and automotive systems that operate within rigid performance and energy bounds.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Atul Prasad Deb Nath (1)
  • Tamzidul Hoque (1)
  • Sandip Ray (1)
  • Swarup Bhunia (1)
  1. Department of Electrical and Computer Engineering, University of Florida, Gainesville, USA
