Security Assurance in SoC in the Presence of Untrusted Components

  • Sandip Ray
  • Abhishek Basak
  • Swarup Bhunia


With the increasing design and validation complexity of an SoC, coupled with shrinking time-to-market constraints, designers typically integrate pre-qualified third-party Intellectual Property (IP) cores to achieve the necessary design productivity. However, many of these IP blocks are designed in different parts of the world, in relatively less trustworthy ecosystems and environments. This increases the risk of unintentional vulnerabilities, malicious modifications, and/or covert backdoors percolating in with the underlying hardware logic or the associated firmware of the corresponding IP cores. These may affect other SoC components so as to cause system failures at key points of execution, or leak confidential information back to potential adversaries. The usual directed/random tests, aimed mainly at functional/parametric failures, and the existing static IP-trust verification techniques are largely incapable of ensuring adequate security coverage against this threat model. Run-time monitoring for potentially undependable or devious behavior is therefore necessary to ensure the security of SoC operations in the presence of untrustworthy IP cores. In modern SoC design practice, system-level security policies protect the SoC assets/resources from unauthorized access. Systematic implementation of these policies typically involves smart wrappers that extract local security-critical events of interest from IP blocks, together with a central control engine that communicates with the wrappers to analyze the events for policy adherence. In this paper, apart from an in-depth discussion of the potential effects of untrustworthy IPs on SoC operation, we propose active, run-time SoC protection against this threat through appropriately fine-grained (in time space) security policies implemented in the above-mentioned infrastructure.
The policy architecture framework is accordingly enhanced with features based on monitoring IP-to-IP communication at interfaces, correlating micro-architectural internal events, and using multiple independent sources for security event verification, in order to support these fine-grained policies. The design of this hardware support across different IP types is discussed in detail in the paper. Finally, using a representative SoC model, we implement the proposed security techniques in the policy architecture framework to verify their efficiency for different untrusted IP use cases. The estimated hardware support overhead is moderate for the protection provided.
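The wrapper/central-engine arrangement the abstract describes, as a behavioural model added here for illustration (not the paper's design or code): IP wrappers and an independent interconnect monitor report security-critical events, and a central engine checks them against an interface access policy, a fine-grained temporal policy, and cross-source verification. The IP names, address windows, key-load window and trace are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Event:
    src: str    # reporting source: the IP's own "wrapper" or the "bus_monitor"
    ip: str     # IP block the event concerns
    kind: str   # security-critical event type, e.g. "bus_write"
    addr: int   # address the transaction targets
    cycle: int  # SoC clock cycle at which the source observed it

# Constructed policy parameters for a hypothetical SoC (not from the paper).
ALLOWED_WRITE_WINDOW: Dict[str, Tuple[int, int]] = {
    "dma0":    (0x2000_0000, 0x2000_FFFF),
    "crypto0": (0x3000_0000, 0x3000_0FFF),
}
KEY_LOAD_CYCLES = (100, 200)  # crypto0 must not write the bus while keys are loaded

def check_policies(events: List[Event]) -> List[str]:
    """Central control engine: returns one message per policy violation."""
    violations: List[str] = []
    reports: Dict[Tuple[str, int, str], Dict[str, int]] = {}
    for e in events:
        reports.setdefault((e.ip, e.cycle, e.kind), {})[e.src] = e.addr
        if e.src != "bus_monitor":
            continue  # access rules are judged on the independent monitor's view
        lo, hi = ALLOWED_WRITE_WINDOW.get(e.ip, (0, -1))
        if e.kind == "bus_write" and not lo <= e.addr <= hi:
            violations.append(f"{e.ip}@{e.cycle}: write to 0x{e.addr:08X} outside allowed window")
        if e.ip == "crypto0" and e.kind == "bus_write" and KEY_LOAD_CYCLES[0] <= e.cycle <= KEY_LOAD_CYCLES[1]:
            violations.append(f"{e.ip}@{e.cycle}: bus write during key-load window")
    # Cross-source verification: the untrusted IP's wrapper report must agree
    # with what the interconnect monitor independently observed.
    for (ip, cycle, kind), by_src in reports.items():
        w, m = by_src.get("wrapper"), by_src.get("bus_monitor")
        if w is None or m is None:
            violations.append(f"{ip}@{cycle}: {kind} seen by only one source")
        elif w != m:
            violations.append(f"{ip}@{cycle}: wrapper reports 0x{w:08X}, monitor saw 0x{m:08X}")
    return violations

# Constructed trace: dma0 behaves at cycle 50; at cycle 120 its wrapper reports an
# in-window write while the monitor sees it land in crypto0's region; crypto0 writes
# the bus during the key-load window at cycle 150.
SAMPLE_TRACE = [
    Event("wrapper", "dma0", "bus_write", 0x2000_0010, 50),
    Event("bus_monitor", "dma0", "bus_write", 0x2000_0010, 50),
    Event("wrapper", "dma0", "bus_write", 0x2000_0020, 120),
    Event("bus_monitor", "dma0", "bus_write", 0x3000_0040, 120),
    Event("wrapper", "crypto0", "bus_write", 0x3000_0100, 150),
    Event("bus_monitor", "crypto0", "bus_write", 0x3000_0100, 150),
]
```

Running `check_policies(SAMPLE_TRACE)` yields three violations: the out-of-window write, the key-load-window write, and the wrapper/monitor mismatch that exposes the under-reporting IP.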

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  • Sandip Ray, University of Florida, Austin, USA
  • Abhishek Basak, Intel Corporation, Hillsboro, USA
  • Swarup Bhunia, Electrical and Computer Engineering, University of Florida, Larsen Hall 216, Gainesville, USA