[ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ]

Journal of Information Science and Engineering, Vol. 36 No. 2, pp. 387-421

Enhancing Architecture-level Security of SoC Designs via the Distributed Security IPs Deployment Methodology

School of Computer Science and Technology
Xidian University
Xi'an, 710071 P.R. China
E-mail: zhhuang@stu.xidian.edu.cn; qwang@xidian.edu.cn

The vulnerability of modern System-on-Chip (SoC) eco-industrial chain model has incurred a variety of rogue entities, such as hardware Trojans, participating in all stages of current SoC design-fabrication processes, resulting in serious security risks. To effectively address the security issues, design-for-security (DfS) technology, e.g., incorporating dedicated on-chip security assurance to facilitate the verification, test, and validation of SoCs, has become the essential strategies in design-time considerations. However, existing DfS measures are targeted at intellectual property (IP) core-level security threats and require specific design modifications to eliminate the dependencies of IP types. In particular, the heterogeneous characteristics of current SoCs and functional diversity of IP types make many IP core-level DfS solutions difficult to adapt or scale to the system level. Moreover, current DfS mechanisms act only at certain stages and thus fail to provide process-wide defense. In this paper, we propose a novel, robust security architecture (MSIPS) to enhance the security of SoCs during the test time and runtime. Unlike existing solutions for the IP core-level problems, our MSIPS also considers the architecture-level security threats and exploits a distributed security IPs deployment strategy to ensure trusted SoC operations with untrusted IPs. In particular, we realize fine-grained IP-protection aware security policies in MSIPS to defend against: (1) hardware Trojan attacks with multi-parameters side-channel analysis primitive; (2) SoC or hardware IP thefts with physically unclonable function (PUF) primitive; and (3) abnormal behavior monitoring and verification with anomaly security auditing primitive. We have implemented this framework on an FPGA platform. Experimental results demonstrate the effectiveness of the proposed approach for providing system protection against diverse attacks. As centralized low-overhead on-chip modules, security IPs reside outside the functional IPs and have the features of flexibility, scalability, and diversity.

Keywords: system-on-chip, design-for-security, security IPs, distributed deployment, hardware trojan detection, IP theft defense, anomaly monitoring

  Retrieve PDF document (JISE_202002_16.pdf)