Exploiting design-for-debug for flexible SoC security architecture

Systematic implementation of System-on-Chip (SoC) security policies typically involves smart wrappers extracting local security critical events of interest from Intellectual Property (IP) blocks, together with a control engine that communicates with the wrappers to analyze the events for policy adherence. However, developing customized wrappers at each IP for security requirements may incur significant overhead in area and hardware resources. In this paper, we address this problem by exploiting the extensive design-fordebug (DfD) instrumentation already available on-chip. In addition to reduction in the overall hardware overhead, the approach also adds flexibility to the security architecture itself, e.g., permitting use of on-field DfD instrumentation, survivability and control hooks to patch security policy implementation in response to bugs and attacks found at postsilicon or changing security requirements on-field. We show how to design scalable interface between security and debug architectures that provides the benefits of flexibility to security policy implementation without interfering with existing debug and survivability use cases and at minimal additional cost in energy and design complexity.

[1]  Swarup Bhunia,et al.  Correctness and security at odds: Post-silicon validation of modern SoC designs , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[2]  Ramesh Karri,et al.  On enhancing the debug architecture of a system-on-chip (SoC) to detect software attacks , 2015, 2015 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS).

[3]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[4]  Ahmad-Reza Sadeghi,et al.  ConXsense: automated context classification for context-aware access control , 2013, AsiaCCS.

[5]  Yunheung Paek,et al.  Efficient dynamic information flow tracking on a processor with core debug interface , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[6]  Swarup Bhunia,et al.  A flexible architecture for systematic implementation of SoC security policies , 2015, 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[7]  Mauro Conti,et al.  CRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android , 2012, IEEE Transactions on Information Forensics and Security.

[8]  Bart Vermeulen Design-for-debug to address next-generation soc debug concerns , 2007 .

[9]  Yu Zheng,et al.  IIPS: Infrastructure IP for Secure SoC Design , 2015, IEEE Transactions on Computers.

[10]  Sandip Ray,et al.  Security policy enforcement in modern SoC designs , 2015, 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[11]  Ramesh Karri,et al.  Secure design-for-debug for Systems-on-Chip , 2015, 2015 IEEE International Test Conference (ITC).