Resilient Architecture for System-on-Chip Platform Security

Faculty:Swarup Bhunia
Project Description:There is a critical need tocdevelop novel SoC architecture that can ensure trusted SoC operation in presence of untrusted IPs and communication fabrics. We are addressing this need by developing of a SoC security architecture which provides resiliency against possible attacks by rogue IPs or interconnect fabrics to achieve trusted SoC design using untrusted IP blocks. Our resilience architecture is based on a “centralized security brain”, i.e., a single IP called security policy engine (SPE) which enforces system-level policies and works in collaboration distributed Satellite Units (SUs) that work as “local policy brains”. We develop fine-grained policies that enable on-the-fly detection and mitigation of suspicious run-time activity that affect the system-level functionality. We focus on several specific attack scenarios involving system level hardware Trojans and untrusted IPs running on malicious firmware. We have deployed our solution into a SoC design, which, albeit academic, reflects the relevant features of NoC-based\ industrial SoC designs. Our (current and planned) experiments include determining area and power overhead of this architecture as well as the congestion induced in the fabric by the need to communicate security-critical events to SPE.