SoC Trust Validation Using Assertion-Based Security Monitors

Title: SoC Trust Validation Using Assertion-Based Security Monitors
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Alatoun, Khitam; Shankaranarayanan, Bharath; Achyutha, Shanmukha Murali; Vemuri, Ranga
Conference Name: 2021 22nd International Symposium on Quality Electronic Design (ISQED)
Date Published: apr
Keywords: Assertion Based Verification, Automata, compiler security, composability, fabrication, Hardware, Layout, Metrics, Property Specification Language, pubcrawl, Resiliency, Runtime, security, Security and Hardware Monitors, System Verilog Assertions, system-on-chip, Tools
Abstract: Modern SoC applications include a variety of sensitive modules in which data must be protected against malicious access. Security vulnerabilities, when exercised during the SoC operation, lead to denial of service or disclosure of protected data. Hence, it is essential to undertake security validation before and after SoC fabrication and make provisions for continuous security assessment during operation. This paper presents a methodology for optimized post-deployment monitoring of SoC's security properties by migrating pre-fab design security assertions to post-fab run-time security monitors. We show that the method is scalable for large systems and complex properties by optimizing the hardware monitors and applying it to a large SoC design based on an OpenRISC-1200 SoC. About 40 security assertions were specified in System Verilog Assertions (SVA). Following formal verification, the assertions were synthesized into finite state machines and cross optimized. Following code generation in Verilog, commercial logic and layout synthesis tools were used to generate hardware monitors which were then integrated with the SoC design ready for fabrication.
DOI: 10.1109/ISQED51717.2021.9424363
Citation Key: alatoun_soc_2021