Design Security Rule Check: A Comprehensive Framework for Evaluating Security of Integrated Circuits
The domain of hardware security and trust has seen significant progress over the past decade in the form of attacks as well as countermeasures. For instance, new security primitives have been developed for hardware authentication to improve the security of cryptographic algorithms. The vulnerabilities in the IC supply chain have become major concerns to OCMs and OEMs. Test and debug instruments on chips have become liabilities for chip security as they allow attackers to gain access to internal computations and secrets. Finally, physical and non-physical attacks, and tampering have advanced to a point that new instruments can allow automated tampering, reverse engineering, circuit editing, and more. The major challenge associated with the evaluation of IC design security is the diversity of attacks, attack goals, and potential countermeasures. Careful analysis of these attacks and vulnerabilities shows that there are common (and sometimes conflicting) factors impacting the security of the ICs. There are currently no efforts in place to automatically quantify such vulnerabilities present in an IC design. It is imperative that the semiconductor industry be able to systematically identify vulnerabilities and security issues associated with ICs before tape-out in order to include proper countermeasures or refine the design. In this project, we develop a comprehensive framework, Design Security Rule Check (DSeRC), for analyzing the vulnerability of ICs to various hardware security attacks. DSeRC will read the design files and check for vulnerabilities in the database, which will be tied with metrics so that each design’s security can be quantitatively measured. To develop DSeRC, a series of development efforts will need to be completed, including a most comprehensive set of vulnerabilities for ICs, quantitative metrics evaluating the security of the circuit, the DSeRC tool suite itself, and the low-cost mitigation techniques.
Jan. 1, 2015 – Jan. 1, 2016
Year 1 (Due Jan. 1, 2016): We will develop a software tool that is capable of tracking any external/internal signal-of-interest through out the circuit to identify any potential security vulnerability such as data breach. Both functional mode and test mode operations will be considered. We also plan in developing innovative methods to evaluate a circuit vulnerability to Trojan insertion. Such analysis and design is intended to be performed at RTL and gate-level netlist in year 1 of the project.
Prof. J. Di. Professor, CSCE Department, University of Arkansas
Prof. D. Forte. Assistant Professor, ECE Department, UConn
Prof. M. Tehranipoor. Professor, ECE Department, UConn
Prof. L. Wang. Associate Professor, ECE Department, UConn
Kan Xiao, PhD Student, ECE Department, UConn
Yanping Gong, PhD Student, ECE Department, UConn
Thao Le, PhD Student, CSCE Department, University of Arkansas