SoC Trust Validation Using Assertion-Based Security Monitors

Khitam Alatoun (1), Bharath Shankaranarayanan (1), Shanmukha Murali Achyutha (2), Ranga Vemuri (2)
(1) University of Cincinnati, Cincinnati, Ohio; (2) University of Cincinnati


Abstract

Modern SoC applications include a variety of sensitive modules in which data must be protected against malicious access. Security vulnerabilities, when exercised during SoC operation, lead to denial of service or disclosure of protected data. Hence, it is essential to undertake security validation before and after SoC fabrication and to make provisions for continuous security assessment during operation. This paper presents a methodology for optimized post-deployment monitoring of an SoC's security properties by migrating pre-fab design security assertions to post-fab run-time security monitors. We show that the method is scalable to large systems and complex properties by optimizing the hardware monitors and applying it to a large SoC design based on an OpenRISC-1200 SoC. About 40 security assertions were specified in SVA (SystemVerilog Assertions). Following formal verification, the assertions were synthesized into finite state machines and cross-optimized. Following code generation in Verilog, commercial logic and layout synthesis tools were used to generate hardware monitors, which were then integrated with the SoC design ready for fabrication.
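The pre-fab-to-post-fab migration the abstract describes, as an added illustration that is not the paper's code: a constructed SVA security property placed beside the synthesizable monitor FSM it would be migrated to. The signal names (key_unlock, key_lock), the WINDOW parameter and the property itself are assumptions, not taken from the paper's 40 assertions.

```systemverilog
// Added example, not the paper's code. Assumed signals of a hypothetical key
// register block: key_unlock (privileged write opens the key register),
// key_lock (closes it). Constructed property: every unlock is followed by a
// lock within WINDOW cycles, so the key is never left exposed on the bus.
module key_window_monitor #(parameter integer WINDOW = 8) (
    input  wire clk,
    input  wire rst_n,
    input  wire key_unlock,
    input  wire key_lock,
    output reg  violation          // sticky alarm, cleared only by reset
);
    // Pre-fab: the property in SVA for formal proof and simulation.
    // Excluded from synthesis; the FSM below carries it into silicon.
`ifndef SYNTHESIS
    a_relock_within_window: assert property (
        @(posedge clk) disable iff (!rst_n)
        key_unlock |-> ##[1:WINDOW] key_lock);
`endif

    // Post-fab: the same bounded-eventuality property as a synthesizable FSM
    // with a down-counter. ARMED counts cycles until a lock arrives or the
    // window runs out. A second unlock while ARMED needs no extra state: any
    // lock that discharges the earlier obligation also discharges the later.
    localparam [1:0] IDLE = 2'd0, ARMED = 2'd1, TRIPPED = 2'd2;
    reg [1:0] state;
    reg [$clog2(WINDOW+1)-1:0] remaining;

    always @(posedge clk or negedge rst_n) begin
        if (!rst_n) begin
            state <= IDLE; remaining <= '0; violation <= 1'b0;
        end else begin
            case (state)
                IDLE:  if (key_unlock) begin
                           state <= ARMED; remaining <= WINDOW;
                       end
                ARMED: if (key_lock)
                           state <= IDLE;             // obligation discharged
                       else if (remaining == 1) begin
                           state <= TRIPPED;          // window exhausted
                           violation <= 1'b1;
                       end else
                           remaining <= remaining - 1'b1;
                TRIPPED: ;  // stays tripped; a response unit acts on violation
                default: state <= IDLE;
            endcase
        end
    end
endmodule
```

The counter is sized from WINDOW so the monitor's area scales with the property's bound rather than with the design, which is the kind of per-monitor optimization the abstract refers to before cross-optimizing a set of such FSMs.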