Exploiting Design-for-Debug in SoC Security Policy Architecture

Security Policy in System-on-Chip Designs

Abstract

Systematic implementation of System-on-Chip (SoC) security policies typically involves smart wrappers extracting local security-critical events of interest from Intellectual Property (IP) blocks, together with a control engine that communicates with the wrappers to analyze the events for policy adherence. However, developing customized wrappers at each IP for security requirements may incur significant overhead in area and hardware resources. In this chapter, we address this problem by exploiting the extensive design-for-debug (DfD) instrumentation already available on-chip. In addition to reducing the overall hardware overhead, the approach also adds flexibility to the security architecture itself, e.g., permitting use of on-field DfD instrumentation, survivability, and control hooks to patch the security policy implementation in response to bugs and attacks found at post-silicon or to changing security requirements on-field. We show how to design a scalable interface between the security and debug architectures that provides the benefits of flexibility to security policy implementation without interfering with existing debug and survivability use cases, and at minimal additional cost in energy and design complexity.


Copyright information

© 2019 Springer International Publishing AG, part of Springer Nature

About this chapter

Cite this chapter

Ray, S., Basak, A., Bhunia, S. (2019). Exploiting Design-for-Debug in SoC Security Policy Architecture. In: Security Policy in System-on-Chip Designs. Springer, Cham. https://doi.org/10.1007/978-3-319-93464-8_3

  • DOI: https://doi.org/10.1007/978-3-319-93464-8_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-93463-1

  • Online ISBN: 978-3-319-93464-8

  • eBook Packages: Engineering, Engineering (R0)
