Abstract
Verification of security policies is one of the most critical, complex, and expensive steps of modern SoC design validation. SoC security policies are typically implemented as part of the functional design flow, with a diverse set of protection mechanisms scattered across various IP blocks. A direct consequence is that verifying them requires comprehension and analysis of the entire system, which is a scalability bottleneck for verification tools. The scale and complexity of industrial SoCs are far beyond the analysis capacity of state-of-the-art formal tools; even simulation-based security verification is severely limited in effectiveness because it must exercise subtle corner cases across the entire system. We address this challenge by developing a security architecture that accounts for verification needs from the ground up. Our framework, ArtiFact, provides an alternative architecture for security policy implementation that exploits a flexible, centralized infrastructure IP and enables scalable, streamlined verification of these policies. With this architecture, verification of system-level security policies reduces to analysis of that single IP and its interfaces, so that off-the-shelf formal tools can verify these policies successfully. We introduce a CAD flow, built on top of such off-the-shelf tools, that supports both formal and dynamic (simulation-based) verification. We demonstrate reduced bug-detection time as well as reduced overall verification time with our approach on illustrative policies.
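The verification argument above rests on one observation: once every IP's access request is mediated by a single policy engine, a system-level security policy becomes a property of that engine's finite interface, which can be checked exhaustively instead of by exercising the whole SoC. The following Python model is an added illustration of that point; it is not code from the chapter or from the ArtiFact framework. Exhaustive enumeration of the engine's inputs stands in for the formal check, and a fixed directed-traffic list stands in for simulation. The requester, resource and lifecycle-phase names, the policy rules, the invariants and the traffic are all constructed for this example.

```python
"""
Toy model of a centralized security-policy engine.  Every access request
is a tuple (requester, resource, phase, op) presented to one engine, so a
system-level policy is a property over a small finite interface.  All names,
rules and traffic below are constructed for this illustration (hypothetical;
not ArtiFact's actual interface or policy format).
"""
from itertools import product

REQUESTERS = ("cpu", "dma", "debug", "crypto")
RESOURCES = ("key_store", "boot_rom", "dram")
PHASES = ("boot", "runtime", "debug")
OPS = ("read", "write")


def rule(requester=None, resource=None, phase=None, op=None, allow=False):
    """A rule matches on (requester, resource, phase, op); None is a wildcard."""
    return ((requester, resource, phase, op), allow)


def _matches(pattern, req):
    return all(p is None or p == v for p, v in zip(pattern, req))


class PolicyEngine:
    """Centralized arbiter: first matching rule wins, default deny."""

    def __init__(self, rules):
        self.rules = rules

    def decide(self, req):
        for pattern, allow in self.rules:
            if _matches(pattern, req):
                return allow
        return False


# System-level invariants, stated purely over the engine's interface.
def inv_key_store_only_crypto(req, allowed):
    requester, resource, _, _ = req
    return not (allowed and resource == "key_store" and requester != "crypto")


def inv_debug_only_in_debug_phase(req, allowed):
    requester, _, phase, _ = req
    return not (allowed and requester == "debug" and phase != "debug")


INVARIANTS = (inv_key_store_only_crypto, inv_debug_only_in_debug_phase)


def exhaustive_check(engine):
    """'Formal' check: the interface is finite, so enumerate every input."""
    violations = []
    for req in product(REQUESTERS, RESOURCES, PHASES, OPS):
        allowed = engine.decide(req)
        for inv in INVARIANTS:
            if not inv(req, allowed):
                violations.append((inv.__name__, req))
    return violations


def simulate(engine, traffic):
    """Simulation-style check: only the transactions in `traffic` are exercised."""
    return [(inv.__name__, req) for req in traffic for inv in INVARIANTS
            if not inv(req, engine.decide(req))]


CORRECT_RULES = [
    rule("crypto", "key_store", allow=True),
    rule(resource="key_store", allow=False),          # explicit deny for everyone else
    rule("debug", phase="debug", allow=True),
    rule("cpu", "boot_rom", op="read", allow=True),
    rule("cpu", "dram", allow=True),
    rule("dma", "dram", phase="runtime", allow=True),
]

# Same table with one plausible slip: a boot-time DMA rule added at the top
# without a resource restriction, so DMA can also reach key_store during boot.
BUGGY_RULES = [rule("dma", phase="boot", allow=True)] + CORRECT_RULES

# Constructed "typical" traffic; no boot-phase DMA access to key_store appears.
TYPICAL_TRAFFIC = [
    ("cpu", "boot_rom", "boot", "read"),
    ("crypto", "key_store", "boot", "read"),
    ("cpu", "dram", "runtime", "write"),
    ("dma", "dram", "runtime", "read"),
    ("debug", "dram", "debug", "read"),
    ("debug", "dram", "runtime", "read"),
]

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT_RULES), ("buggy", BUGGY_RULES)):
        eng = PolicyEngine(rules)
        print(name, "exhaustive:", exhaustive_check(eng))
        print(name, "simulation:", simulate(eng, TYPICAL_TRAFFIC))
```

Running it shows the contrast the abstract describes: the exhaustive check over the engine's 72 possible inputs flags the boot-phase DMA path to the key store in the buggy table immediately, while the directed traffic passes both tables because the corner case was never driven. On a real SoC the same corner case would have to be reached through the bus fabric and the boot sequence of every IP involved; with a single arbiter it is one of a small, enumerable set of interface inputs.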
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Ray, S., Basak, A., Bhunia, S. (2019). SoC Security Policy Verification. In: Security Policy in System-on-Chip Designs. Springer, Cham. https://doi.org/10.1007/978-3-319-93464-8_6
DOI: https://doi.org/10.1007/978-3-319-93464-8_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93463-1
Online ISBN: 978-3-319-93464-8